As part of the Pwn2Own information security conference taking place this week in Vancouver, researchers managed to hack Tesla’s security system twice. They received a $100,000 reward and a Tesla Model 3 electric car.
Tesla has long worked to improve the security of the software used in its electric vehicles and has attended the annual Pwn2Own conference for several years. During the current event, the researchers twice successfully attacked Tesla’s security system.
In the first case, Synacktiv specialists performed a successful time-of-check-to-time-of-use (TOCTOU) attack against Tesla Gateway. This type of vulnerability allows you to bypass the security checking system using the time interval between checking the resource for security and using it. Researchers successfully changed the status of a secure resource after conducting a security check but before an authorized user could access it. This allowed them to gain root access to the Tesla system and take full control of the attacked electric car.
In the second successful attack by Synacktiv specialists via Bluetooth, the Model 3 infotainment system was hacked. Overall, Synacktiv team members successfully completed the most attempts to hack various products, earning 53 Master of Pwn points and receiving a total of $530 thousand in the form of rewards.