Tesla gets hacked – winning the hackers $100,000 and a Model 3

Tesla was successfully hacked at the Pwn2Own conference and in the process, the hackers won $100,000 and the Model 3 that they managed to compromise.

Over the last few years, Tesla has been investing a lot in cybersecurity and working closely with whitehat hackers. The automaker has been participating in the Pwn2Own hacking competition by offering large prizes and its electric cars for hacking challengers.

Hacking vehicles, and Tesla vehicles in particular, has been a staple of the hacking conference for a few years now.

Zero Day Initiative, the organization running Pwn2Own, confirmed that this year was no exception and the Tesla Model 3 they brought was successfully hacked:

Synacktiv confirmed that they managed to gain root access to Tesla’s system and claimed to have “taken over” the whole car:

After having finished their exploit in a hotel room, @_p0ly_ and @vdehors successfully compromised the Tesla Model 3 infotainment through Bluetooth and elevated their privileges to root! Combined with the previous entry, this could have been a full chain to take over the car!

They shared this image of their Model 3 infotainment test rig:

Pwn2Own confirmed that it was a TOCTTOU exploit, which is described as:

Time-of-check-to-time-of-use (TOCTTOU – pronounced TOCK-too) is a file-based race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check.
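The definition above can be made concrete with the general check-then-use pattern and its usual fix. The following is an added example, not code from the Pwn2Own entry or from Tesla's software; the function names are hypothetical, and the concurrent change is simulated in-process by a callback acting on constructed files in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*window_fn)(const char *path); /* stands in for a concurrent actor */

/* Racy: validates the *name*, then resolves the same name again to use it. */
int open_racy(const char *path, window_fn between) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* time of check */
    if (between) between(path);                  /* state changes in the window */
    return open(path, O_RDONLY);                 /* time of use */
}

/* Hardened: open once, then validate the object behind the descriptor. */
int open_safe(const char *path, window_fn between) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlink at the name */
    if (fd < 0) return -1;
    if (between) between(path);                  /* a later swap cannot retarget fd */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

static char other[64];                           /* constructed second file */
static void swap_name(const char *path) {        /* re-point the checked name */
    unlink(path);
    if (symlink(other, path) != 0) perror("symlink");
}
static void put(const char *p, const char *s) {
    FILE *f = fopen(p, "w");
    if (f) { fputs(s, f); fclose(f); }
}

/* Returns the byte read: 'A' = the file that was checked, 'B' = the swapped-in one. */
char demo(int use_safe) {
    char dir[] = "/tmp/tocttouXXXXXX", path[64], c = '?';
    if (!mkdtemp(dir)) return '?';
    snprintf(path, sizeof path, "%s/data", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    put(path, "A"); put(other, "B");
    int fd = use_safe ? open_safe(path, swap_name) : open_racy(path, swap_name);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = '?'; close(fd); }
    unlink(path); unlink(other); rmdir(dir);
    return c;
}
int main(void) { printf("racy=%c safe=%c\n", demo(0), demo(1)); return 0; }
```

The racy version ends up reading a file it never checked, while the hardened version keeps reading the object it validated because the check and the use share one file descriptor.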

The findings of these kinds of whitehat hacks are always shared with the companies in order to help make their products more secure.

As previously mentioned, Tesla has been investing heavily in cybersecurity.

We went into a lot of detail about Tesla’s cybersecurity effort in our report about “The Big Tesla Hack” when a hacker managed to get control over Tesla’s entire fleet.

Author: Fred Lambert

Fred is the Editor in Chief and Main Writer at Electrek.