The first ever Pwn2Own Automotive has come to a close, and Tesla was successfully hacked twice during the competition, with the second hack involving the infotainment system being compromised.
The successful hack was again accomplished by the Synacktiv team, which earned $100,000 for their first hack earlier this week for exploiting three zero-day bugs to get root permission on a Tesla modem.
Their second attempt took aim at Tesla’s infotainment system. According to the Zero Day Initiative, Synacktiv were successful in exposing a vulnerability, using a 2-bug chain to gain access to the system.
The team was awarded another $100,000, and another 10 Master of Pwn Points.
They did it again! @Synacktiv team used a two-bug chain to attack the Tesla in-vehicle infotainment system, earning them $100,000 and 10 Master of Pwn points! Amazing feat! pic.twitter.com/1hYvpL24pq
— VicOne (@VicOneAuto) January 25, 2024
The Synacktiv team ended the competition in first place, earning the title of Masters of Pwn and a total of $1,323,750 in prize money.
Tesla has actively participated in Pwn2Own hacking competitions for many years, providing vehicles as prizes over to anyone who can expose a vulnerability in their software. In fact, Tesla was a title sponsor for the inaugural Pwn2Own event in Tokyo this week, and will again take part in the Pwn2Own event coming up in March in Vancouver. For that event the company will be providing a Model 3 and Model S, both with Ryzen computers, as targets for the hackers.
