"Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest"

Hackers from the France-based penetration testing company Synacktiv recently demonstrated two different Tesla Model 3 exploits at the Pwn2Own hacking contest in Vancouver. The attacks granted them extensive access to subsystems controlling the safety and other components of the vehicle. One of the exploits was a time-of-check-to-time-of-use (TOCTTOU) attack against Tesla's Gateway energy management system. They demonstrated their ability to unlock the front trunk or door of a moving Tesla Model 3 and more. The less than two-minute attack earned the researchers a new Tesla Model 3 and a $100,000 cash reward. In the second attack, Synacktiv researchers used a heap overflow vulnerability and an out-of-bounds write error in a Bluetooth chipset to infiltrate a Tesla's infotainment system and then gain root access to other subsystems. The hack earned the researchers an even larger $250,000 bounty and Pwn2Own's first-ever Tier 2 award, which is reserved for flaws and exploits with a very significant impact. Over the first two days of the three-day Pwn2Own contest, researchers from 10 countries discovered a total of 22 zero-day vulnerabilities, including the Tesla flaws. This article continues to discuss the exploits demonstrated against the Tesla Model 3 and other zero-day bugs discovered by researchers at the Pwn2Own hacking contest in Vancouver.

Dark Reading reports "Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest"