Tesla was successfully hacked in the annual Pwn2Own contest, allowing hackers who pulled off the feat to walk away with a large sum of money, but more importantly the vehicle they had just compromised.
This year, on the occasion of the famous Pwn2Own 2023 hacking contest, hackers and cybersecurity researchers have managed to penetrate several systems, including Windows, macOS and Tesla. This time it’s the Tesla Model 3 which suffered a security breach.
The Synactiv group, a collective of French hackers, used a so-called “Time-Of-Check Time-Of-Use” (TOCTOU) flaw to gain access to the Tesla. The flaw is created by the modification of internal files allowing access to the system. This technique is highly time-dependent, since it is based on the time lag between the verification of files by the system and the actual connection of a person.
Hackers win the Tesla Model 3
As every time a Tesla is hacked, the hackers left with the red car that can be seen above. It’s a nice giveaway each time from Tesla, but its vehicles are ultimately part of the “bug Bounty” reward, to encourage hackers to test the limits of the vehicle’s security system. The more it is hacked, the more secure it will become.
It’s unclear exactly how long it took the team of hackers to break into the Tesla’s system, but we’ve seen in other hacking cases that it can take just a few minutes. In 2020, a Bluetooth security breach made it possible to steal an electric car in just 90 seconds.
In addition to the car, the pirates obviously won a substantial sum: 100,000 dollars. A few hours later, the same team also managed to break into the vehicle’s infotainment system. This new achievement allowed them to win an additional $250,000, making a total of $350,000. Unfortunately, it seems that this second flaw did not allow them to win a second vehicle. It now remains to be seen whether Tesla will be able to close all the loopholes in its vehicles to hold its own in the next edition of the competition.