Synacktiv, a security company based in France, was successfully able to hack into a Tesla Model 3 and the Pwn2Own event in Vancouver, British Columbia. This is the second year in a row the Synacktiv team have uncovered an exploit in the Model 3, earning them a cool $100,000 and a Model 3 as a prize.
The 16th annual Pwn2Own event kicked off yesterday at the CanSecWest Conference at the Sheraton Wall Center in Vancouver. One of the targets on the first day was Tesla, a frequent partner at the event, who this year brought out a Model 3 and Model S, offering a top prize of $600,000 plus the car itself.
While Synactiv wasn’t able to earn the top prize, they did walk away with $100,000 and the Model 3 (and 10 Master of Pwn points) after successfully executing a TOCTOU (time-of-check to time-of-use) attack against Tesla – Gateway.
If you’re wondering what a TOCTOU attack is, you’re not alone. Here’s a simple explanation courtesy of ChatGPT.
A TOCTOU attack is a type of computer security vulnerability that occurs when a program checks a resource’s state (such as a file or a network connection), then acts on that resource based on that state, but the resource’s state changes before the program can act on it.
Imagine you’re playing a game of tag with a friend, and you’re “it.” You tag your friend, but they manage to get away and touch a tree. You assume they’re still “it” and start chasing someone else. However, your friend quickly touches the tree again and yells, “I’m not ‘it’ anymore!” before you can tag them again. That’s similar to how a toctou attack works.
In the case of a computer program, an attacker might be able to trick the program into thinking a resource is in a certain state, then change the resource’s state before the program can act on it. This could allow the attacker to gain access to sensitive information or execute malicious code.
Last year Synacktiv was able to demonstrate an exploit of the Model 3 infotainment system, which allowed them to pop open the frunk and activate the headlights and wipers. That exploit earned them $75,000, but due to the level of complexity it did not earn them the Model 3 itself.
One of the main highlights from Day One of #Pwn2Own Vancouver 2023: @Synacktiv vs the Tesla Model 3. Their successful demonstration earned them $100,000 and the car itself pic.twitter.com/d7TY5mKHxK
— Zero Day Initiative (@thezdi) March 23, 2023