We’re used to reading about passwords being stolen by the billions, attackers targeting smartphones, and the occasional hardware hack targeting things like routers, but those aren’t the only hacking threats. Your car is also on the hacking radar, as a recent report detailing 13 security vulnerabilities affecting Mercedes-Benz owners showed. Tesla owners are currently in the spotlight after hackers managed to compromise the brand at least four times in a single day of frenzied hacking. Here’s what happened and why.
Hackers earn $129,500 in one day by attacking Tesla targets
Pwn2Own is a competitive hacking event with a long and noble history dating back to 2007. It’s a testament to its reputation that it attracts some of the best ethical hackers and security researchers on the planet. These hackers come together to see who can first successfully hack a variety of targets, from smartphones to printers to routers, using zero-day exploits, meaning exploits that leverage a vulnerability unknown to the vendor. Sponsored by the Trend Micro Zero-Day Initiative, Pwn2Own is hosting an automotive-only event for the second year in a row. Last year, Pwn2Own Automotive awarded an incredible $1,323,750 in prize money to participating hackers over a three-day contest. This year’s event, held in Tokyo from January 22nd to January 24th, was sponsored by Tesla, and Tesla’s wall charger was on the hacking table.
Hackers targeted Tesla wall chargers on the second day of the event, and the results were revealed. Successful teams were awarded a total of $129,500 in zero-day bounties.
4 Tesla Hacks Explained
The full technical details of the exploits used and the vulnerabilities exploited will not be made public for 90 days, to give Tesla enough time to deploy a fix, but here’s what we know about the zero-day hacks from the second day of the Pwn2Own Automotive event:
The PHP Hooligans hacking team was able to hijack and crash the Tesla Wall Connector using a zero-day exploit. This was done using a “numeric range comparison without minimum check” bug (CWE-839) and reportedly resulted in a $50,000 bounty.
The Synacktiv hacking team used a logic bug as part of an exploit chain to compromise the Tesla Wall Connector via the charging connector. The hackers were awarded a $45,000 reward for their “outstanding original research.”
Two more teams successfully attacked Tesla, though their entries count as what is known as a collision, because each exploited a previously known vulnerability as part of the breach rather than relying on a zero-day alone.
Radu Motspan, Polina Smirnova, and Mikhail Evdokimov from the PC Automotive team successfully exploited the Tesla Wall Connector and won $22,500.
Meanwhile, Sina Kheirkhah from the Summons team exploited the Tesla Wall Connector using two vulnerability chains, earning $12,500 in the process.
I asked Tesla for a statement.
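To illustrate the bug class named above (CWE-839), here is an added C example. It is not code from Tesla, the Wall Connector or any Pwn2Own entry, whose details remain unpublished. It shows a signed index compared only against its maximum, beside a check that enforces both bounds. The message layout, table size and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_COUNT 8                 /* constructed table size */
static uint8_t slots[SLOT_COUNT];

/* Decode a 16-bit big-endian wire field as a signed value (two's complement). */
static int decode_index(const uint8_t *p)
{
    int v = (p[0] << 8) | p[1];
    return v >= 0x8000 ? v - 0x10000 : v;
}

/* CWE-839 pattern: only the maximum is compared, so negative values pass. */
static int accepts_max_only(int idx) { return idx < SLOT_COUNT; }

/* Hardened check: minimum and maximum are both enforced. */
static int accepts_full_range(int idx) { return idx >= 0 && idx < SLOT_COUNT; }

/* Hardened handler for a constructed message: [index hi][index lo][value].
   Returns 0 on success, -1 if the message is rejected. */
static int store_slot(const uint8_t *msg, size_t len)
{
    if (len < 3) return -1;                  /* too short to hold all fields */
    int idx = decode_index(msg);
    if (!accepts_full_range(idx)) return -1; /* rejects negative and too-large */
    slots[idx] = msg[2];
    return 0;
}

int main(void)
{
    /* Constructed sample messages: index 3, index 8, index 0xFFFE (-2). */
    const uint8_t samples[3][3] = {
        {0x00, 0x03, 0x2A}, {0x00, 0x08, 0x2A}, {0xFF, 0xFE, 0x2A}
    };
    for (int i = 0; i < 3; i++) {
        int idx = decode_index(samples[i]);
        printf("idx=%6d max-only=%d full-range=%d store=%d\n", idx,
               accepts_max_only(idx), accepts_full_range(idx),
               store_slot(samples[i], sizeof samples[i]));
    }
    return 0;
}
```

The third sample passes the maximum-only comparison because -2 is less than 8, which is exactly the case the missing minimum check lets through. Declaring the index as an unsigned type is another way to close the gap.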