A team has successfully hacked its way to $200,000 in prize money and a Tesla Model 3. The hackers exploited a Tesla electronic control unit at the 2024 Pwn2Own contest in Vancouver.
The Synacktiv team, a regular at Pwn2Own events, used a single integer overflow exploit to get into a Tesla’s ECU with Vehicle CAN BUS Control.
The CAN bus lets the ECUs in more modern cars communicate with each other reliably using prioritized messages. As a vehicle bus standard, it is responsible for communication between microcontrollers and devices; the latter include airbags, parking brakes, cruise control, etc.
Confirmed!!! The @Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. They win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver pic.twitter.com/FcB4fTiOa7
— Zero Day Initiative (@thezdi) March 20, 2024
Synacktiv’s achievement is important because it shows that a hacker with enough determination and skill can render a Tesla car a brick. The hacking team’s effort earned them first place in the contest and 20 Master of Pwn points, in addition to the prize money and car.
Tesla welcomes hackers to try their hands at its systems to detect vulnerabilities, which can help to make its cars safer.
The Synacktiv team hacked Tesla’s infotainment system in a January Pwn2Own event, earning $100,000. This was preceded by another hack using three zero-day bugs.