Tesla’s Infotainment System was hacked at the Pwn2Own 2024 Event in Tokyo, marking the second system within the company’s vehicles to be infiltrated this week.
The Infotainment System was hacked the Synacktiv, a group that has been known to compromise Tesla vehicles at the event in previous years.
Earlier this week, we reported on the first Synacktiv hack of a Tesla vehicle, finding shortcomings in the security of the vehicle’s modem by executing a TOCTOU exploit and gaining access to the vehicle.
It then confirmed the hack with the following message:
— TESLARATI (@Teslarati) January 24, 2024
On the second day of the Pwn2Own event, Synacktiv planned to hack the Tesla Infotainment System using a 2-bug chain to infiltrate it.
According to the Zero Day Initiative, the organization that runs Pwn2Own, the Synacktiv team earned $100,000 for the hack and 10 Master of Pwn points, which will determine the winner of the entire event.
Some people were misinformed when we initially reported on Synacktiv’s initial hack of the modem.
Tesla is sponsoring this year’s event and encourages hackers to try and infiltrate its vehicles so it can identify where security is weak and needs to be fixed.
Pwn2Own has helped many companies understand what weaknesses their security systems have, which not only protects the companies themselves but also the owners of their products.
Synacktiv has hacked Tesla systems in previous years, including at the 2023 Pwn2Own event.
No Tesla systems were hacked during Day 3, but Synacktiv did manage to infiltrate a Sony media receiver, which helped the team gain more money and Master of Pwn points for the competition.
At the end of Day 3, Synacktiv was in the lead with 50 points, well over the 25.5 that second-place fuzzware.io had. Synacktiv has also accumulated $450,000 in prizes so far.
I’d love to hear from you! If you have any comments, concerns, or questions, please email me at email@example.com. You can also reach me on Twitter @KlenderJoey, or if you have news tips, you can email us at firstname.lastname@example.org.