Hackers win Tesla Model 3 at security competition with $530,000 exploit

Researchers demonstrated Tesla’s hacking vulnerabilities at Pwn2Own Vancouver.
Can Emir
Tesla Model 3
Tesla Model 3.


According to security researchers, malevolent hackers could remotely hack into a Tesla and switch off the lights, honk the horn, open the trunk, turn on the windshield wipers, and tamper with the infotainment system thanks to three vulnerabilities linked together.

During Pwn2Own Vancouver, a security competition where "white hat" hackers and security researchers can win the devices with previously discovered vulnerabilities (that they uncover and exploit)—plus a cash prize—researchers from the French security firm Synacktiv won $530,000 and a Tesla Model 3.

Despite these flaws, the researchers noted that Tesla is doing an excellent job of making the car difficult to hack by putting in place a sophisticated system of sandboxes, which isolates components and makes it more difficult to gain greater privileges by simply breaking into one of them.

TOCTOU attack

The Synacktiv team demonstrated two different exploits. At first, it took them less than two minutes to compromise the Model 3's Gateway system, which serves as the energy management interface for communication between Tesla vehicles and Tesla Powerwalls.

They inserted the required malicious code using a Time of Check to Time of Use (TOCTOU) attack, a strategy that takes advantage of the brief interval between when a computer examines something like a security credential and when it really uses it.

They weren't hacking a genuine Model 3 for safety concerns, but they would have been able to open the front hood and doors of the vehicle even while it was moving.

The second vulnerability allowed the hackers to remotely take control of the infotainment system of the mimic Tesla and, from there, other car systems. They gained access using the Bluetooth chipset's heap overflow vulnerability and an out-of-bounds write mistake, the latter of which allowed them control of the security gateway. This device delivers commands to the vehicle.

According to the researchers, the remedies for these vulnerabilities are being developed by Tesla and should soon be installed on cars.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board