EVs are just as much about the software as they are about the hardware, with its electric motors and batteries. Some may even call EVs computers on wheels, and like computers they can also get hacked.
This has just been proven by a group that hacked their way into a Tesla Model 3 at a competition run by Trend Micro and global security firm Pwn2Own in Vancouver, Canada.
The goal is to match companies like Tesla, which make software-orientated products, with the contestants who gather at Pwn2Own to showcase their skills and uncover vulnerabilities in these products.
This year the competition – with a prize of a new Tesla Model 3 and $A150,000 in prize money – was won by a group called Synacktiv from France that hacked its way into a Tesla Model 3 using a TOCTOU (time-of-check to time-of-use) exploit technique. Their success was shared by The Zero Day Initiative on Twitter.
CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver pic.twitter.com/W61NasJPAl
— Zero Day Initiative (@thezdi) March 22, 2023
Synacktiv describes itself as an “Offensive security company” and was also quite transparent about the hack, sharing the journey on Twitter as well. After successfully winning the competition, the team shared high-level details of their hack.
After having finished their exploit in a hotel room, @_p0ly_ and @vdehors successfully compromised the Tesla Model 3 infotainment through Bluetooth and elevated their privileges to root!
Combined with the previous entry, this could have been a full chain to take over the car! https://t.co/AEZERvO6Ko pic.twitter.com/6R1b72h0iz
— Synacktiv (@Synacktiv) March 23, 2023
Tesla was the target of the competition this year because, according to the organisers: “Tesla almost single-handedly invented the connected car industry. It knows more than most what’s required to keep one step ahead of the competition and the cybercrime community: rigorous testing and continuous probing for software bugs.
“We must remember, after all, that a car isn’t just a car anymore. It’s a complex system of IT components and dynamic systems that presents an increasingly attractive attack surface for threat actors.”
Tesla will use what it learns from this hack by the cybersecurity experts and researchers at the competition to further harden its software against vulnerabilities.
That would give more confidence to those sitting on the fence about making the switch to a safer electric car.