As Tesla leads the charge in electric vehicles and every day getting better self-drive technology, there’s something that continuous attention: cybersecurity.
Just like any other company, Tesla faces the looming threat of problems in its systems. A bunch of ethical hackers recently found such loopholes in Tesla’s system winning insane amounts in rewards and a Tesla car.
For years, Tesla has been putting a lot of effort into cybersecurity. They’ve been teaming up with ethical hackers and joining events like the Pwn2Own hacking competition.
Hacker Wins $200,000 and Tesla Model 3 in Bug Bounty Program
At these competitions, they offer some very big prizes and even let hackers try to break into their electric cars. Here’s all the news from the event.
Pwn2Own Vancouver
Pwn2Own is like a big hacking contest that happens every year. It’s where expert researchers and ethical hackers find and fix security issues in popular software and devices. These events come with huge prizes for finding such crucial vulnerabilities in popular products like Adobe Reader, Windows 11, SharePoint, and more.
Tesla actively sponsors big amounts in events like Pwn2Own even giving away EVs as rewards. Such events highlight the constant need for strong cybersecurity efforts to guard against cyber threats.
Synacktiv, a French team recently uncovered a significant vulnerability in Tesla’s systems at the Pwn2Own Vancouver 2024 competition. Synacktiv made headlines by winning big—a staggering $200,000 in cash and a shiny new Model 2.
How did they do it?
With just a single integer overflow against the Tesla ECU using Vehicle CAN BUS Control. This impressive victory is Synacktiv’s second time cracking Tesla, earning them their second Tesla Model 3, as per the Zero Day Initiative.
They won their first one in last year’s competition by exploiting Tesla’s vulnerabilities. You can read more about it in our post from the last year here.
Hack Your Way Into a Tesla Model 3, $500,000 Grand Prize Up for Grabs
Tesla Vulnerability Exploit At Zero Day
Not all hackers are wearing the white hat and even a small glitch could cost millions for companies like Tesla. The Synacktiv team effortlessly hacked into Tesla’s system in a mere thirty seconds at the event. This time hacking into Tesla’s electronic control unit (ECU) and vehicle CAN BUS.
Their quick success earned them a substantial $200,000 reward along with a brand-new Tesla Model 3. They managed to achieve this on the competition’s first day itself garnering a newfound reputation worldwide.
Confirmed!!! The @Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver pic.twitter.com/FcB4fTiOa7
— Zero Day Initiative (@thezdi) March 20, 2024
Tesla frequently supports events like these, inviting hackers and teams to uncover any weaknesses in its systems. Such initiatives help enhance the security of Tesla’s system, reducing the risk of potential cyberattacks.
Besides Tesla’s initiatives, other groups have also been successful in hacking Tesla vehicles. For instance, researchers at a university in Belgium managed to replicate keys and get into a Model X.
Hackers found three vulnerabilities in Tesla vehicles that could allow malicious hackers to remotely access and control a Tesla. Unethical hackers can control turning off lights, honking the horn, and trunk, turning on windshield wipers, and tampering with the main infotainment system.
At a recent event in Tokyo earlier this year organized by Zero Day Initiative, Synacktiv found and exploited bugs in Tesla’s infotainment system. They won $100,000 for their efforts at the event.
At the Pwn2Own Vancouver event last year, Synacktiv successfully exploited these vulnerabilities. Their achievement won them a Tesla Model 3, and a total of $530,000 in rewards.
How Tesla Keeps Cyber Security in Check?
Even though we’ve known about the risks of IoT devices for a while, many cybersecurity tools still don’t fully protect them.
Luckily, Tesla is doing a better job than most at managing security. They’ve already taken steps to protect their cars, like starting a bug bounty program where researchers can report any problems they find.
One Reddit user shares his views on how such events reassure trust in brands like Tesla
“This is one of the reasons why I bought a Tesla. The fact that they will do this to ensure security makes me feel very confident in my car not getting stolen”
Comment
byu/1oneplus from discussion
inteslamotors
This focus on security got a big boost after CEO Elon Musk talked about the risk of a “fleet-wide hack” at a presentation in July 2017.
Musk highlighted this concern at the National Governors Association in Rhode Island, stressing the need to protect Tesla’s vehicles and self-drive tech.
Bottomline
Programs like Pwn2Own aim to encourage and reward ethical hackers. Finding and fixing such bugs can save huge losses to the automakers before cybercriminals gets to exploit them.
Programs like these are super important for car companies to stay ahead of the bad guys. Tesla, in particular, takes cybersecurity seriously. They even have their own bug-bounty program where hackers can report issues, and they’ll get rewarded for it.
