Background

A Tesla Model 3 Got Hacked In Less Than 2 Minutes At A Hacking Contest

25/03/2023

No system is foolproof, and Tesla, the famous electric car brand, is like any other product: it has bugs waiting to be exploited.

This time, researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 at the Zero Day Initiative’s Pwn2Own 2023 hacking competition in Vancouver, Canada.

The first exploited a weakness to carry out what's called a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy management system, which gave the hackers deep access into subsystems and the ability to control the vehicle's safety and other components.

Pronounced TOCK-too, the exploit is a file-based race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check.

Doing so allowed the hackers to do things like open the front trunk and doors of the Model 3, even while the car was in motion.

For hacking the car through this exploit, the hackers earned a cash reward worth $100,000, and a new Tesla Model 3.
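The time-of-check-to-time-of-use race described above, shown on an ordinary POSIX file as an added example. It is not code from the article, from Tesla's Gateway or from Synacktiv's exploit, whose details are not public. The file names, the `window_fn` hook and every function name are assumptions made for the demonstration; the hook makes the race window deterministic so the racy check-then-open can be compared with a version that checks the descriptor it already opened.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *CHECKED = "toctou_checked.txt", *OTHER = "toctou_other.txt"; /* constructed names */
typedef void (*window_fn)(const char *path); /* hypothetical hook: runs between check and use */

/* Racy: lstat() and open() each resolve the path, so they can see different files. */
int open_racy(const char *path, window_fn window) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* time of check */
    if (window) window(path);                 /* the path can be replaced here */
    return open(path, O_RDONLY);              /* time of use: resolves the path again */
}

/* Hardened: open once without following symlinks, then check the opened object. */
int open_safe(const char *path, window_fn window) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (window) window(path);                 /* later path changes cannot affect fd */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Simulated concurrent change: the checked name becomes a symlink to OTHER. */
void swap_to_symlink(const char *path) {
    unlink(path);
    if (symlink(OTHER, path) != 0) perror("symlink");
}

/* Returns the first byte read: 'c' = the file that was checked, 'o' = the swapped-in one. */
int run_demo(int hardened) {
    FILE *f; char c = 0;
    unlink(CHECKED);                          /* clear any leftover symlink */
    if ((f = fopen(OTHER, "w"))) { fputs("other", f); fclose(f); }
    if ((f = fopen(CHECKED, "w"))) { fputs("checked", f); fclose(f); }
    int fd = (hardened ? open_safe : open_racy)(CHECKED, swap_to_symlink);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = 0; close(fd); }
    unlink(CHECKED); unlink(OTHER);
    return c;
}

int main(void) {
    printf("racy read: %c, hardened read: %c\n", run_demo(0), run_demo(1));
    return 0;
}
```

The racy variant returns data from a file it never checked, while the hardened variant keeps reading the object it validated because the check runs on the open descriptor rather than on the name.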

In the second hack, Synacktiv researchers exploited a heap overflow vulnerability and an out-of-bounds write error found in the Tesla Model 3's Bluetooth chipset.

The weakness was exploited through Tesla's infotainment system, and from there the researchers also gained root access to other subsystems.

This was possible because Tesla's head unit is also the car's control unit, which has access to not only the car's infotainment system, but also the car's navigation system and pretty much everything else.

In fact, most Tesla cars' features, including opening the glovebox, are operated through the head unit.

Because of the risks involved in hacking an actual Tesla vehicle, the researchers demonstrated their exploits on an isolated vehicle head unit.

The exploit garnered the researchers an even bigger $250,000 bounty and Pwn2Own's first ever Tier 2 award. This is a tier designation by the contest organizers for particularly impactful vulnerabilities and exploits.

According to Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), which organized the annual contest:

"The biggest vulnerability demonstrated this year was definitely the Tesla exploit."

"They went from what's essentially an external component, the Bluetooth chipset, to systems deep within the vehicle."

Over the past few years, Tesla has been investing a lot in cybersecurity, and has been working closely with whitehat hackers. The automaker has been participating in the Pwn2Own hacking competition by offering large prizes and its electric cars for hacking challengers.

Electric cars are pretty much 'electric,' and Tesla cars are among the most complex cars, thanks to their long list of useful features and gimmicks, and their significant amount of integrated software and sensors.

Because of this, hacking vehicles, and Tesla vehicles in particular, has been a staple of the hacking conference for those few years.

In response to the findings, Tesla's security response team, which was on site at the event and validated the findings, expects to fix the issue via the vehicle's self-updating system.

Pwn2Own is one of the most famous hacking events in the world.

It involves teams of hackers attempting to exploit systems by gaining access to some of the most popular software available on the market.

Each group is given a list of devices and software and a series of objectives to achieve. The first team to navigate through the list gains a cash prize.

In this case, the Synacktiv team won the category for completing this step of the competition quickest: they managed to hack the Tesla Model 3 in just two minutes.

Besides Tesla, other brands exploited at the event include Apple macOS, Microsoft Windows 11, Microsoft SharePoint, Ubuntu Desktop, Tesla Gateway, Adobe Reader, and Oracle VirtualBox.

All of these brands fell at the hands of the elite hackers.

It's worth noting that in order to protect the brands, the exact details of how the hacker teams hacked the systems aren't revealed. Pwn2Own 2023 said that the details will be shared with the respective developers, who are then given 90 days to release security patches.