French Researchers Win Big at Pwn2Own with Tesla Model 3 Hacks

Image credit:

At the annual Pwn2Own software exploitation contest, French hacking firm Synacktiv successfully demonstrated two exploit chains against Tesla’s newest electric car, the Model 3. The hacks exploited flaws in the car’s Tesla-Gateway and Tesla-Infotainment sub-systems, leading to the “full compromise” of the vehicle. The first hack earned the team $100,000 and the second, which used a heap overflow and an out-of-band write vulnerability, earned them $250,000 and made them the first-ever recipients of a Tier 2 award. The Tesla security response team was present and is expected to issue fixes via the car’s self-updating system. This is not the first time Tesla has sought to draw the attention of advanced exploit writers at Pwn2Own, as they gave away a Model 3 in 2019.