Tesla cybersecurity measures fail, hackers win Model 3 at hacking event

As electric vehicles and their significant amount of integrated software have become more common in everyday life, the security around them has become significantly more critical. In the worst-case scenario, a hacker could not only gain access to a car but could leak user data or even take control of the vehicle. Now, at the Pwn2Own hacking competition, a group of hackers successfully hacked a Tesla Model 3 and won the vehicle along with a $100,000 prize.

The successful hack completed by the group Synactiv was initially reported by the Zero Day Initiative Twitter account, revealing that the group had used a TOCTOU exploit to gain access to the vehicle.

One of the main highlights from Day One of #Pwn2Own Vancouver 2023: @Synacktiv vs the Tesla Model 3. Their successful demonstration earned them $100,000 and the car itself pic.twitter.com/d7TY5mKHxK

— Zero Day Initiative (@thezdi) March 23, 2023

CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla - Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver pic.twitter.com/W61NasJPAl

— Zero Day Initiative (@thezdi) March 22, 2023

Thanks to the nature of the hacking competition, the details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners. Still, the method the hackers used was relatively straightforward.

The TOCTOU (Time-Of-Check Time-Of-Use) exploit involves altering internal files to gain system access. In essence, the hackers are altering the files that a system will check to ensure someone actually should have access. This could, for example, involve changing login credentials to allow yourself access. However, as the name suggests, this is highly time-dependent, as it involves using the discrepancy of time between the system checking the files and a person actually being logged in.

Pwn2Own is one of the most famous hacking events in the world. It involves teams of hackers attempting to gain access to some of the most popular software available on the market. Each group of hackers and security researchers will be given a list of devices and software and a series of objectives to achieve. The first team to navigate through the list gains a cash prize. In this case, for completing this step of the competition quickest, the Synactive team won the Tesla Model 3 that they hacked.

With software becoming ever more interconnected with the vehicles we drive, focusing on keeping that software secure will only become more important as time passes. And with the increasing interconnectedness of these car systems, the consequences of not keeping these systems secure will only become more dire. Hopefully, automakers will take this threat seriously and continue to work to keep their items as safe and secure as possible.

What do you think of the article? Do you have any comments, questions, or concerns? Shoot me an email at william@teslarati.com. You can also reach me on Twitter @WilliamWritin. If you have news tips, email us at tips@teslarati.com!

Tesla cybersecurity measures fail, hackers win Model 3 at hacking event