News
Tesla cybersecurity measures fail, hackers win Model 3 at hacking event
Tesla has been hacked at the Pwn2Own hacking event, and the hacking group has taken home a Tesla Model 3 and $100,000.
As electric vehicles and their significant amount of integrated software have become more common in everyday life, the security around them has become significantly more critical. In the worst-case scenario, a hacker could not only gain access to a car but could leak user data or even take control of the vehicle. Now, at the Pwn2Own hacking competition, a group of hackers successfully hacked a Tesla Model 3 and won the vehicle along with a $100,000 prize.
The successful hack completed by the group Synactiv was initially reported by the Zero Day Initiative Twitter account, revealing that the group had used a TOCTOU exploit to gain access to the vehicle.
One of the main highlights from Day One of #Pwn2Own Vancouver 2023: @Synacktiv vs the Tesla Model 3. Their successful demonstration earned them $100,000 and the car itself pic.twitter.com/d7TY5mKHxK
— Zero Day Initiative (@thezdi) March 23, 2023
CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver pic.twitter.com/W61NasJPAl
— Zero Day Initiative (@thezdi) March 22, 2023
Thanks to the nature of the hacking competition, the details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners. Still, the method the hackers used was relatively straightforward.
The TOCTOU (Time-Of-Check Time-Of-Use) exploit involves altering internal files to gain system access. In essence, the hackers are altering the files that a system will check to ensure someone actually should have access. This could, for example, involve changing login credentials to allow yourself access. However, as the name suggests, this is highly time-dependent, as it involves using the discrepancy of time between the system checking the files and a person actually being logged in.
Pwn2Own is one of the most famous hacking events in the world. It involves teams of hackers attempting to gain access to some of the most popular software available on the market. Each group of hackers and security researchers will be given a list of devices and software and a series of objectives to achieve. The first team to navigate through the list gains a cash prize. In this case, for completing this step of the competition quickest, the Synactive team won the Tesla Model 3 that they hacked.
With software becoming ever more interconnected with the vehicles we drive, focusing on keeping that software secure will only become more important as time passes. And with the increasing interconnectedness of these car systems, the consequences of not keeping these systems secure will only become more dire. Hopefully, automakers will take this threat seriously and continue to work to keep their items as safe and secure as possible.
What do you think of the article? Do you have any comments, questions, or concerns? Shoot me an email at william@teslarati.com. You can also reach me on Twitter @WilliamWritin. If you have news tips, email us at tips@teslarati.com!
Lifestyle
Tesla app update makes Robotaxi ownership make a lot more sense
Tesla’s app now shows a live indicator when your car is actively driving itself.
A recent Tesla app update, released last week (4.58.5), gives visibility on whether a vehicle is navigating in its semi-autonomous mode or being drive by a human driver. The updated app now displays a live “Self-Driving” indicator in bright blue text directly beneath the vehicle’s speed readout whenever Full Self-Driving is actively engaged, along with the signature glowing blue navigation path that FSD users see on the main touchscreen. It is a small visual update with meaningful implications for how Tesla owners monitor their vehicles remotely.
The feature was first spotted in the wild by X user Jordan Camina, who shared video of a Hardware 3 Model S displaying the new animation through the app while driving. That detail is significant because it confirms the update is not limited to newer HW4 vehicles. It works across hardware generations, and Tesla confirmed it will eventually support all vehicles regardless of chip platform once both the app and vehicle software are updated. The vehicle side requires software version 2026.20.6.1, which has reached nearly 40% of the fleet so far, as monitored by NotaTeslaApp.
The feature makes the most practical sense when viewed through the lens of Tesla’s expanding robotaxi operation. In a robotaxi context, the owner of a vehicle generating ride revenue has a direct financial and safety interest in knowing whether their car is operating under autonomous control at any given moment. The app’s new FSD indicator gives fleet owners exactly that visibility, the same way a logistics company monitors whether a delivery driver is following the planned route. It also carries implications for Tesla’s insurance model. Tesla’s own insurance product prices premiums in part based on FSD engagement rates, and real-time visibility into when FSD is active creates a feedback loop that could eventually tie directly into policy pricing. For individual owners who have opted their personal vehicles into the robotaxi network, the update effectively turns the Tesla app into a fleet management dashboard, one that tells you whether your car is earning money, whether it is driving itself to do it, and whether everything is operating the way it should from wherever you happen to be.
Tesla expands Robotaxi to Florida, marking its third state for autonomy
As Teslarati has reported, Tesla launched unsupervised robotaxi rides in Miami this summer, a milestone that makes a remote FSD status indicator significantly more practical than a cosmetic feature. When a vehicle is operating as a robotaxi without a driver present, the owner or fleet operator needs a reliable way to confirm autonomy is engaged. The app now provides exactly that.
As noted by NotATeslaApp, The update also arrived alongside a hint buried in the same app version that Tesla plans to use the cabin camera to verify driver identity before FSD can be activated. Pairing identity verification with a live autonomy status indicator points toward the infrastructure Tesla is building for a fleet of driverless vehicles that owners can monitor the way you would track a package delivery.
Elon Musk
California snubs Tesla in its newly passed EV incentive that favors Rivian and Lucid
California passed a $135 million EV incentive that rewards Rivian and Lucid while sidelining Tesla
California just drew a line in the EV incentive sand to put Tesla on the wrong side of it. The state recently passed a $135 million program offering first-time electric vehicle buyers a direct incentive with no application required, but the rules were written in a way that leaves Tesla at a structural disadvantage compared to Rivian and Lucid.
The program caps eligible vehicles at $50,000 for new EVs and $25,000 for used ones. That pricing threshold rules out a significant portion of Tesla’s lineup, though some lower-priced Model 3 and Model Y configurations would still qualify. California-based automakers are exempt from the price cap entirely, regardless of what their vehicles cost. Rivian, headquartered in Irvine, and Lucid, based in the San Francisco Bay Area, both benefit from that exemption. Rivian’s R2 starts at roughly $45,000 but has versions above the cap. Lucid’s Air and Gravity start at $70,990 and $79,990 respectively, well above any threshold a non-California company would face.
California hits Tesla Cybercab and Robotaxi driverless cars with new law
Tesla built its reputation and a significant portion of its early market share in California, where EV adoption has consistently led the nation. The company operates its original factory in Fremont, California, and the state was home to Tesla’s headquarters for most of its existence. That changed in 2021 when Tesla moved its corporate headquarters to Austin, Texas. Since then, the relationship between the company and California Governor Gavin Newsom has been openly adversarial, with Musk and Newsom trading public criticism on multiple occasions.
California’s EV incentive landscape has shifted repeatedly in recent years, and Tesla has previously lost eligibility for state-level programs as its vehicles exceeded income-adjusted price thresholds. The federal $7,500 EV tax credit, which Tesla models have qualified for and lost depending on policy cycles, is no longer available after it expired without renewal, making state-level programs more meaningful to buyers than they have been in years.
The practical impact for buyers is more nuanced than the headline suggests. California residents purchasing a Tesla under $50,000 for the first time can still access the incentive. But the exemption written for California-based manufacturers is a structural advantage that rewards where a company plants its headquarters flag rather than where it builds its products, and Tesla moved that flag to Texas.
Elon Musk
SpaceX’s newest logo confirms everything about what it’s become
SpaceX officially absorbed xAI under the SpaceXAI brand, completing the largest private merger in history.
SpaceX made its corporate transformation official in May 2026 when Elon Musk posted on X that xAI would cease to exist as a standalone company. “xAI will be dissolved as a separate company, so it will just be SpaceXAI, the AI products from SpaceX,” he wrote.
A new SpaceXAI logo was announced today, visually embedding the xAI letters inside the SpaceX identity, which can be seen as a deliberate design choice that signals the merger is not a partnership but a full absorption and XAi a core function of the same company. The same way Starlink is not a separate brand but a SpaceX product. The announcement closed the loop on a process that began February 2, 2026, when SpaceX acquired xAI in the largest private merger in history, valued at $1.25 trillion. SpaceX at $1 trillion and xAI at $250 billion.
We are now @SpaceXAI. pic.twitter.com/ema66xDWC9
— SpaceXAI (@SpaceXAI) July 6, 2026
The reason SpaceX bought xAI was stated plainly by Musk at the time of the deal: to build orbital data centers. SpaceX had simultaneously filed with the FCC to launch up to one million satellites designed to function as AI compute nodes in low Earth orbit, escaping what Musk described as the energy constraints limiting AI development on Earth.
xAI provided the AI software stack, with Grok, the X platform, and the Colossus supercomputer infrastructure in Memphis with over 220,000 NVIDIA GPUs, while SpaceX provided the rockets, Starlink, and the capital base to fund it. The two companies needed each other. xAI was burning $2.5 billion in losses on $250 million in revenue. SpaceX was generating an estimated $8 billion in profit on $15 billion in revenue and needed an AI narrative to command the valuation it was targeting for its IPO.
What SpaceX has done, regardless of how the orbital AI vision ultimately plays out, is walk into a public market as something no company has been before: a rocket manufacturer, satellite internet provider, AI software company, social media platform, and supercomputer operator under one ticker. Whether that combination is worth $2 trillion depends entirely on which of those businesses you believe in most.