Tesla, the electric car giant, has recently been hacked during the well-known Pwn2Own exploit contest. This competition sees renowned hackers attempt to hack numerous pieces of technology, including cars. This year, Tesla was selected as one of the targets and two teams managed to successfully hack the vehicle’s web browser.
Objectives of the Contest
The Pwn2Own competition is organized by the Zero Day Initiative (ZDI) and is currently its twelfth iteration. It offers cash prizes for certain successful hacks and the objective is to increase security awareness of the most widely-used products. In its 2020 competition, ZDI invited a total of 15 hacker teams to find vulnerabilities in Tesla’s Model 3 car.
Hacks Performed on the Tesla Model 3
Two of the teams successfully managed to hack the Tesla Model 3 during the event. The team Flouroacetate, managed to use a chain of vulnerabilities to exploit the cars’ web browser. This gave them access to the car’s computer system, allowing them to manipulate music settings and control the vehicle’s center display.
Similarly, the team Amat Cama and Richard Zhu were able to breach the Tesla’s web browser in order to gain access to the car’s system. They used a total of four different vulnerabilities in order to gain access to the center display and to the car’s music settings.
Implications of the Hacks
These hacks have highlighted the importance of proper security systems for cars, as well as other connected devices. The ability to connect to the car’s systems could allow malicious actors to control the car remotely or distort the car’s display settings. A successful hack could be used to manipulate GPS systems or create data breaches, which could end up costing the company and its customers dearly.
In response to the hack, Tesla has stated that they take security very seriously and plan to address the vulnerabilities that were exposed. In addition, the company noted that the version of the car hacked at the contest was an older one, so a majority of the vehicles on the road are not at risk. Furthermore, the attack was conducted on a single vehicle, so the risk of a wider breach is minimal.
Call to Action
Tesla’s vulnerability has been exposed and other connected devices may be susceptible to similar hacks. Share this article to raise awareness and help ensure that these hacks are taken seriously and addressed as soon as possible.