Tesla has been hacked at the Pwn2Own hacking event, and the hacking group has taken home a Tesla Model 3 and $100,000.
As electric vehicles and their significant amount of integrated software have become more common in everyday life, the security around them has become significantly more critical. In the worst-case scenario, a hacker could not only gain access to a car but could leak user data or even take control of the vehicle. Now, at the Pwn2Own hacking competition, a group of hackers successfully hacked a Tesla Model 3 and won the vehicle along with a $100,000 prize.
The successful hack completed by the group Synactiv was initially reported by the Zero Day Initiative Twitter account, revealing that the group had used a TOCTOU exploit to gain access to the vehicle.
Thanks to the nature of the hacking competition, the details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners. Still, the method the hackers used was relatively straightforward.
The TOCTOU (Time-Of-Check Time-Of-Use) exploit involves altering internal files to gain system access. In essence, the hackers are altering the files that a system will check to ensure someone actually should have access. This could, for example, involve changing login credentials to allow yourself access. However, as the name suggests, this is highly time-dependent, as it involves using the discrepancy of time between the system checking the files and a person actually being logged in.
Pwn2Own is one of the most famous hacking events in the world. It involves teams of hackers attempting to gain access to some of the most popular software available on the market. Each group of hackers and security researchers will be given a list of devices and software and a series of objectives to achieve. The first team to navigate through the list gains a cash prize. In this case, for completing this step of the competition quickest, the Synactive team won the Tesla Model 3 that they hacked.
With software becoming ever more interconnected with the vehicles we drive, focusing on keeping that software secure will only become more important as time passes. And with the increasing interconnectedness of these car systems, the consequences of not keeping these systems secure will only become more dire. Hopefully, automakers will take this threat seriously and continue to work to keep their items as safe and secure as possible.