It Took Under Two Minutes For These Hackers to Hack a Tesla Model 3
Pwn2Own is a twice-a-year hacking conference that includes various contests for hackers to hack things and win the thing that got hacked, which, at this month’s Pwn2Own conference in Vancouver, included a Tesla Model 3, which a French company was able to exploit in less than two minutes.
Tesla Model 3 Is Now Cheaper Than the Average New Car
In case you missed it:
Of course, a lot more work went into the hack than a couple minutes, though when it is time to shine at the competition the hackers have only 10 minutes per attempt. They completed two different Tesla hacks, with the first one earning them $100,000 and a Model 3, and a second, more sophisticated one earning them $250,000. That latter one they completed with 8:45 left on the clock.
You can watch terribly unexciting if also very wholesome video of this great feat here:
Recapping Pwn2Own Vancouver 2023
The hackers did not in fact hack into a Model 3 in the interests of safety, but instead merely the head unit that operates navigation and infotainment, because who knows what a hacked Model 3 is really capable of. As in, Synacktiv says that, combined with its other Model 3 win, they could’ve taken over the car.
G/O Media may get a commission
Save $9
47% Off Essential Organic PH Cleanser
Sustainable beauty
Caprea’s Essential Organic PH Cleanser is just $10 with promo code TEN. Normally $19, this foaming face wash is crafted with organic Monoi oil. It’s meant to target the production of oil secretion while protecting your skin against air pollution. Normally $19, you can save big on this richly-lathering face wash while supporting a brand that keeps the environment top of mind.
I applaud these experienced and very pleased men. Synacktiv, a name which is making me hungry, also won top spot at the event.
Pwn2Own began in 2007 for the purposes of ethical hacking but has had a somewhat lower profile in recent years. It added cars in 2019, and a Tesla Model 3 was hacked that first year, via ZDNet:
Team Fluoroacetate —made up of Amat Cama and Richard Zhu— hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car’s firmware and show a message on its entertainment system.
As per contest rules announced last fall, the duo now gets to keep the car. Besides keeping the car, they also received a $35,000 reward.
“In the coming days we will release a software update that addresses this research,” a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”
An email sent to Tesla for comment on this year’s hack went unreturned, though I’ll update this post if I hear back.
