After Tesla returned as a sponsor at the Pwn2Own event, researchers at a French cybersecurity company have once again demonstrated that Tesla vehicles’ advanced software and systems are vulnerable to exploitation.
During the Pwn2Own event, Synacktiv was able to hack into the Tesla Model 3 gateway using a Time of Check to Time of Use (TOCTOU) race condition, which involves taking control of the car’s network through its Ethernet connection.
This was not the first time Synacktiv had hacked into a Tesla Model 3 at the event.
Last year, they were able to exploit the infotainment system but were unable to win the car due to the complexity of the attack. However, this year’s successful TOCTOU attack has earned them $100,000 and ownership of the Tesla Model 3.
Researchers developed a series of exploits that involved a heap overflow and an out-of-bounds (OOB) write vulnerability on the second day of the event in Vancouver, Canada.
The hack that earned Synacktiv a cash prize of $250,000 is called an “Unconfined Root”.
Zero Day Initiative (ZDI) announced on Twitter, “CONFIRMED! @Synacktiv used a heap overflow & an OOB write to exploit the Infotainment system on the Tesla. When they gave us the details, we determined they actually qualified for a Tier 2 award! They win $250,000 and 25 Master of Pwn points. 1st ever Tier 2 award. Stellar work!”
Tesla’s involvement in the Pwn2Own event highlights the importance of vehicle security, particularly as electric vehicles are becoming more advanced and connected. With the rapid evolution of technology, it is essential to protect drivers, passengers, and cars from potential cyberattacks.
Recently, Tesla provided information on how they gather and utilise data about their customers and guidelines on accessing and deleting this information.
To demonstrate their dedication to ensuring the safety of their customers and to set a positive example for the automotive industry, they encouraged white-hat hackers to test their vehicles’ security systems to identify potential vulnerabilities and improve defence mechanisms.