The 2024 Pwn2Own Automotive event is officially underway, and hacking group Synacktiv successfully collected $100,000 on the first day after hacking a Tesla Modem.
Synacktiv is a familiar name in the world of the Pwn2Own event, as last year, the group was able to hack a Tesla Model 3 by executing a TOCTOU exploit against a Tesla Gateway to gain access to the vehicle.
Today, the event officially kicked off in Tokyo Japan, and a number of devices were hacked, including a pair of Sony XAV-AX5500s, a Tesla Modem, and a JuiceBox 40 Smart EV Charging Station.
Synacktiv was able to hack both a Tesla Modem and the JuiceBox EV Charging Station on the first day of the event. The group was awarded $100,000 for hacking the Tesla and $60,000 for hacking the EV charger.
According to CyberSecurityNews, Synacktiv carried out a 3-bug chain to attack the Tesla Modem, successfully resulting in its compromisation.
— Synacktiv (@Synacktiv) January 22, 2024
As of right now, Synacktiv’s work has gotten them a lead in earnings and points, with a total of $295,000 in prize money and 31 points, ahead of NCC Group EDG, who has $70,000 in winnings and 10 points.
Synacktiv has more plans to target Tesla as well, hoping to identify shortcomings in its security systems to make its protections more robust in the future.
Tomorrow, Synacktiv is planning to target Tesla’s Infotainment system with a “Sandbox Escape,” according to the schedule of the Pwn2Own event.
They hope to gain access to the Ryzen-based Model 3, Model Y, Model S, and Model X systems, but Tesla is not the only company that is the subject of attempted hacking. They will use zero-day exploits to infiltrate these systems, according to BleepingComputer.
Tesla is a key sponsor of the event and announced that it would support the Pwn2Own Tokyo event in August.
I’d love to hear from you! If you have any comments, concerns, or questions, please email me at email@example.com. You can also reach me on Twitter @KlenderJoey, or if you have news tips, you can email us at firstname.lastname@example.org.