Pwn2Own is a twice-a-year hacking conference that includes various contests for hackers to hack things and win the thing that got hacked, which, at this month’s Pwn2Own conference in Vancouver, included a Tesla Model 3, which a French company was able to exploit in less than two minutes.
- Consumer Reports’ 18 Most Satisfying New Vehicles to Own
- Tesla Sells Out of Steering Wheels as Owners Rush to Replace Yokes
- AWD RX-7 vs. Trackhawk, GR Yaris-Powered AE86: The Best Automotive Videos on YouTube This Week
Of course, a lot more work went into the hack than a couple minutes, though when it is time to shine at the competition the hackers have only 10 minutes per attempt. They completed two different Tesla hacks, with the first one earning them $100,000 and a Model 3, and a second, more sophisticated one earning them $250,000. That latter one they completed with 8:45 left on the clock.
You can watch terribly unexciting if also very wholesome video of this great feat here:
The hackers did not in fact hack into a Model 3 in the interests of safety, but instead merely the head unit that operates navigation and infotainment, because who knows what a hacked Model 3 is really capable of. As in, Synacktiv says that, combined with its other Model 3 win, they could’ve taken over the car.
I applaud these experienced and very pleased men. Synacktiv, a name which is making me hungry, also won top spot at the event.
Pwn2Own began in 2007 for the purposes of ethical hacking but has had a somewhat lower profile in recent years. It added cars in 2019, and a Tesla Model 3 was hacked that first year, via ZDNet:
Team Fluoroacetate —made up of Amat Cama and Richard Zhu— hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car’s firmware and show a message on its entertainment system.
As per contest rules announced last fall, the duo now gets to keep the car. Besides keeping the car, they also received a $35,000 reward.
“In the coming days we will release a software update that addresses this research,” a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”
An email sent to Tesla for comment on this year’s hack went unreturned, though I’ll update this post if I hear back.