Vladimir Fetisov
As part of the Pwn2Own information security conference taking place this week in Vancouver, researchers managed to hack Tesla’s security system twice. For this, they received a reward of $100,000 and a Tesla Model 3 electric car.
Tesla has long been working to improve the security of the software used in its electric vehicles and has been participating in the annual Pwn2Own conference for several years. As part of the current event, the researchers carried out a successful attack against the Tesla security system twice.
In the first case, specialists from Synacktiv conducted a successful time-of-check to time-of-use (TOCTOU) attack against the Tesla Gateway. This class of vulnerability lets an attacker bypass a security check by exploiting the interval between the moment a resource is checked and the moment it is used. The researchers changed the state of a secure resource after the security check had been performed, but before an authorized user was able to access it. As a result, they were able to gain root access to the Tesla system and take full control of the attacked electric car.
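The check-then-use gap described above, as an added example that is not from the article and does not reproduce the Tesla Gateway flaw, whose details the article does not give. The file names, the trust policy and the `window` hook (a deterministic stand-in for the race window) are assumptions made for illustration; the hardened version checks and reads the same open descriptor, so a later change to the path has no effect.

```python
import os
import stat
import tempfile

def is_trusted(st):
    # Policy assumed for this example: regular file, not group/world-writable.
    return stat.S_ISREG(st.st_mode) and not (st.st_mode & 0o022)

def read_racy(path, window=lambda: None):
    """Check by path, then use by path: the name is resolved twice."""
    if not is_trusted(os.lstat(path)):        # time of check
        raise PermissionError("untrusted file")
    window()                                  # stand-in for the race window
    with open(path, "rb") as f:               # time of use
        return f.read()

def read_safe(path, window=lambda: None):
    """Open once, then check and read the same descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:            # f owns fd and closes it
        if not is_trusted(os.fstat(f.fileno())):
            raise PermissionError("untrusted file")
        window()                              # renaming the path changes nothing now
        return f.read()

def demo():
    """Return (racy_result, safe_result) for the same mid-operation swap."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "config.bin")   # constructed sample files
        other = os.path.join(d, "other.bin")

        def reset():
            for name, data, mode in ((target, b"verified", 0o644),
                                     (other, b"swapped", 0o666)):
                with open(name, "wb") as f:
                    f.write(data)
                os.chmod(name, mode)

        def swap():
            os.replace(other, target)            # fails the policy if checked

        reset()
        racy = read_racy(target, swap)
        reset()
        safe = read_safe(target, swap)
        return racy, safe

if __name__ == "__main__":
    print(demo())
```

The racy reader returns the contents of a world-writable file that its own check would have rejected, while the descriptor-based reader still returns the file it verified.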
In the second successful attack, carried out via Bluetooth, Synacktiv specialists hacked the Model 3 infotainment system. In total, the Synacktiv team members successfully completed most of their attempts to hack various products, earning 53 Master of Pwn points and receiving a total of $530 thousand in rewards.