Date: 2023-03-29

White hat hackers managed to hack a Tesla Model 3 and its infotainment subsystems during a security event, earning themselves the vehicle and a cash prize of $100,000.

Researchers from French cybersecurity firm Synacktiv were able to “fully compromise” a new Tesla Model 3 during the Pwn2Own 2023 hacking conference held in Vancouver, British Columbia, gaining control of its safety systems and breaking into its infotainment system.

The team from Synacktiv demonstrated two separate exploits, according to a tweet by Zero Day Initiative, an international software vulnerability initiative that is the primary sponsor of the Pwn2Own event.

Initially, they were able to hack the Model 3’s Gateway system, which allows communication within a vehicle network system, in less than two minutes.

The researchers used a Time of Check to Time of Use (TOCTOU) attack, a technique that exploits the small time gap between when a computer checks something like a security credential and when it actually uses it, to insert the necessary malicious code.
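The check/use gap described above, shown as an added example (not code from the article, Synacktiv or Tesla, and not a model of the Gateway flaw, whose details the article does not give). It assumes a file that is verified by SHA-256 digest before use; the function names, the `gap` hook that stands in for a concurrent writer, and the sample bytes are all constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def load_check_then_reopen(path, expected, gap=lambda: None):
    """Weak pattern: the check and the use each open the path separately."""
    with open(path, "rb") as f:                      # time of check
        if not hmac.compare_digest(sha256_hex(f.read()), expected):
            raise ValueError("digest mismatch")
    gap()                                            # window a concurrent writer can hit
    with open(path, "rb") as f:                      # time of use: second, unchecked read
        return f.read()

def load_single_read(path, expected, gap=lambda: None):
    """Hardened pattern: read once, verify those bytes, use those same bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if not hmac.compare_digest(sha256_hex(data), expected):
        raise ValueError("digest mismatch")
    gap()                                            # later file changes no longer matter
    return data

def demo():
    """Run both loaders on a constructed file that is replaced inside the gap."""
    trusted, swapped = b"config-v1 (constructed)", b"replaced (constructed)"
    results = {}
    for name, loader in (("reopen", load_check_then_reopen),
                         ("single", load_single_read)):
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "blob.bin")
            with open(path, "wb") as f:
                f.write(trusted)
            def writer():                            # simulated concurrent modification
                with open(path, "wb") as f:
                    f.write(swapped)
            results[name] = loader(path, sha256_hex(trusted), gap=writer)
    return trusted, swapped, results

if __name__ == "__main__":
    trusted, swapped, results = demo()
    print("check-then-reopen used:", results["reopen"])
    print("single-read used:      ", results["single"])
```

The first loader passes its check and still returns the replaced bytes; the second returns exactly what it verified, which is the property to look for when reviewing any verify-then-use code path.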

The hack of the Gateway system allows the attacker to open the car’s doors and front hood, even while in motion.

One of the main highlights from Day One of #Pwn2Own Vancouver 2023: @Synacktiv vs the Tesla Model 3. Their successful demonstration earned them $100,000 and the car itself pic.twitter.com/d7TY5mKHxK — Zero Day Initiative (@thezdi) March 23, 2023

Researchers Hack Tesla’s Infotainment Subsystems

Synacktiv researchers were also able to break into Tesla’s infotainment system and use it to gain control of other subsystems in the car. They used what’s known as a heap overflow vulnerability and an out-of-bounds write error in the Bluetooth chipset to get in.

The Synacktiv team claimed that they could have “taken over” the whole car with the hack of the car’s Gateway and infotainment system. They detailed in a tweet:

“After having finished their exploit in a hotel room, @_p0ly_ and @vdehors successfully compromised the Tesla Model 3 infotainment through Bluetooth and elevated their privileges to root! Combined with the previous entry, this could have been a full chain to take over the car!”

All in all, contestants disclosed 27 unique zero-days, previously unknown computer-software vulnerabilities, and won a combined cash prize of $1,035,000 as well as a car, according to Zero Day Initiative.

Technical Malfunctions in Tesla Stir Safety Concerns

Over the past couple of years, white hat hackers and researchers have uncovered numerous vulnerabilities relating to Tesla cars.

Last year, researchers revealed that hackers can exploit a feature that lets drivers start their vehicles more easily after opening the car's door with a near-field communication (NFC) key card, using it to unlock a car and potentially steal it.

The electric carmaker has also been under increasing scrutiny over technical malfunctions in recent times.

As reported earlier this month, a Tesla owner unknowingly unlocked someone else's Tesla in a parking lot last week, and the app allowed him to drive it.

The United States National Highway Traffic Safety Administration (NHTSA) has also launched a new probe into Tesla after complaints that steering wheels have fallen off some of the cars while driving.

Furthermore, Tesla recalled more than 360,000 vehicles over crash risks associated with its Full Self-Driving Beta software earlier this year.

