Tesla is one of the title sponsors at the first ever Pwn2Own Automotive event, and on the first day a Tesla modem was hacked by a group with a long history of exploiting vulnerabilities in the automaker’s coding.
Pwn2Own, an established computer hacking contest with a 16-year history, has frequently involved Tesla, with the company offering up cars and cash to anyone who can find and exploit a vulnerability within their systems. This has happened several times over the years, most of the time by a hacking group called Synacktiv, who last year were awarded a Model 3 and $100,000 following a successful hack.
This competition typically covers a broad range of topics, including an automotive category, but now for the first time a new iteration of the Pwn2Own contest focused solely on identifying security flaws in connected vehicles is taking place in Tokyo.
On the first day Synacktiv was at it again, taking home $100,000 by hacking a Tesla modem, the biggest award of the day. According to the Zero Day Initiative (@thezdi), the Syacktiv team successfully exploited three zero-day bugs to get root permission on a Tesla modem.
The Syancktiv team isn’t done there. On Thursday the group is also attempting to target the Tesla infotainment system with a Sandbox escape. A sandbox escapes refers to a technique used in computer security where a malicious program or process bypasses the restrictions imposed by a sandbox, which is an isolated computing environment created to run code from unknown or potentially harmful sources so that it cannot harm the host system or access unauthorized resources.
The attempts are getting too intense! The Synacktiv team’s exceptional effort paid off as they successfully executed their attack against the Tesla modem at the Pwn2Own Automotive happening now in Tokyo Big Sight! Hats off to the team!#pwn2ownautomotive2024 #pwn2owntokyo2024 pic.twitter.com/EZicX4TAcv— VicOne (@VicOneAuto) January 24, 2024