Researchers from French cybersecurity firm Synacktiv won $350,000 and a new Tesla Model 3 at a security conference by hacking into the gateway and infotainment subsystems of the vehicle in less than two minutes.
During the Pwn2Own 2023 hacking conference held in Vancouver, British Columbia, last week, Synacktiv’s so-called ethical hackers were able to “fully compromise” the electric vehicle, gaining control of its safety systems and breaking into its infotainment system.
They hacked into the Tesla’s head unit instead of the entire vehicle for safety reasons. The head unit controls the car’s infotainment and navigation systems.
“Of course, we’d like to do this on a car itself but there’s just too many variables that would make it potentially dangerous for those around the vehicle, including the building vehicles parked by, so we don’t want to take that chance. We prefer a nice controlled environment,” Dustin Childs said in a video of the event available on YouTube.
Childs is head of threat awareness at the Zero Day Initiative, which runs bug bounty programs that pay researchers to find security breaches. Zero Day Initiative is owned by Trend Micro, a Japanese cybersecurity company that organizes the annual Pwn2Own conference.
Synacktiv’s hackers had 10 minutes to attempt three hacks on the Model 3.
Synacktiv’s team took over the car’s interactive infotainment system. They punctuated the feat by replacing Tesla’s logo with a Synacktiv logo. The hack earned Synacktiv’s team $250,000. In the other hack, the team earned $100,000 and a new Tesla Model 3 for fully tapping into the car via an Ethernet network.