French Researchers Win Big at Pwn2Own with Tesla Model 3 Hacks

March 26, 2023

At the annual Pwn2Own software exploitation contest, French hacking firm Synacktiv successfully demonstrated two exploit chains against Tesla’s newest electric car, the Model 3. The hacks exploited flaws in the car’s Tesla-Gateway and Tesla-Infotainment sub-systems, leading to the “full compromise” of the vehicle. The first hack earned the team $100,000 and the second, which used a heap overflow and an out-of-band write vulnerability, earned them $250,000 and made them the first-ever recipients of a Tier 2 award. The Tesla security response team was present and is expected to issue fixes via the car’s self-updating system. This is not the first time Tesla has sought to draw the attention of advanced exploit writers at Pwn2Own, as they gave away a Model 3 in 2019.

CONFIRMED! @Synacktiv used a heap overflow & an OOB write to exploit the Infotainment system on the Tesla. When they gave us the details, we determined they actually qualified for a Tier 2 award! They win $250,000 and 25 Master of Pwn points. 1st ever Tier 2 award. Stellar work! pic.twitter.com/IPOnXG5S0u
— Zero Day Initiative (@thezdi) March 23, 2023

Bruce Scifiain Editor

News

Related posts