This is why Tesla has been a long-time sponsor of hacking competitions, as this allows them to work with the best security researchers in the business. Pwn2Own is probably the most famous hacking event, and that's why the EV maker has partnered with Zero Day Initiative, the hackathon's organizers. This year, Tesla has put two cars on the table, a Model 3 and a Model S, for those who manage to completely compromise a Tesla vehicle. And they did not only once, but twice.
On the first day of the competition, researchers of the French hacking team Synacktiv executed a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy management system. This involves altering internal files that the system checks before granting access. For instance, it could mean changing login credentials after they have been written to a file to the ones of the hacker. By gaining access to Tesla Gateway, hackers could open the frunk or door of a Tesla Model 3 while the car was in motion.
The attack took less than two minutes, but it was enough to fetch the researchers a cash reward of $100,000 and the Tesla Model 3 itself. The Synacktiv team achieved a much more difficult hack the next day, compromising the infotainment system and gaining root access to other subsystems. Based on a heap overflow and an out-of-band (OOB) write vulnerability, the attack originated in the Bluetooth chipset, an external component, and compromised systems deep within the vehicle.
The second exploit was so complex that Zero Day Initiative (ZDI), organizers of Pwn2Own, said it qualified as a Tier 2 award, the first ever in the competition's history. This alone would have been enough for them to earn the Tesla Model 3, so we might say the Synacktiv team won the car twice. The team earned a total of $530,000 in prizes, plus the Tesla Model 3, throughout the three-day hacking competition. This is more than half of the total prizes offered. Tesla also put a Model S on the table, but it appears that other teams weren't as successful, so it was returned to the carmaker.
CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver pic.twitter.com/W61NasJPAl
— Zero Day Initiative (@thezdi) March 22, 2023
CONFIRMED! @Synacktiv used a heap overflow & an OOB write to exploit the Infotainment system on the Tesla. When they gave us the details, we determined they actually qualified for a Tier 2 award! They win $250,000 and 25 Master of Pwn points. 1st ever Tier 2 award. Stellar work! pic.twitter.com/IPOnXG5S0u
— Zero Day Initiative (@thezdi) March 23, 2023