French cyber security firm Synacktiv, which participated in Pwn2Own, one of the largest hacking competitions in the world, managed to seize all the systems of Tesla’s Model 3 car. Moreover, the team of 2 people did this in just a few hours.
With the proliferation of autonomous and “smart” vehicles, many people began to fear that their vehicles would be hacked. Even if it is a bit absurd, an example of this We saw it in Fast and Furious 8 too..
On the other hand, Tesla, which is the first brand that comes to mind when it comes to autonomous vehicles, is so confident in its vehicles that it participates in many hacking competitions every year, challenging hackers who are experts in their field. This year, too, to test new security technologies Pwn2Own Tesla, who appeared in the competition, could not escape the talented employees of the French cyber security company Synacktiv.
They successfully captured all of the vehicle’s systems
The French “offensive” cyber security firm called Synacktiv, which participated in Pwn2Own, one of the world’s largest hacking competitions, usually attended by white hat hackers and cyber security companies, managed to hack a Tesla Model 3 with a system they prepared from scratch in a few hours. Synacktiv employee “_p0ly_” And “vdehorsAll controls of the vehicle were seized by hackers named ” and It was stated that full access to all systems was provided..
Of course, Tesla’s vehicles have been hacked before at competitions like DefCon and Pwn2Own. However, in previous hacks, relatively simple features such as accessing the vehicle’s headlight systems, unlocking the doors and interfering with the remote horn were achieved. However, Synacktiv For the first time, it broke new ground by capturing all of Tesla’s systems..
So how did they take over Tesla?
Synacktiv team, in their statement, in order to infiltrate the systems of Tesla Model 3 TOCTTOU announced that they were taking advantage of an attack called To put it very simply, TOCTTOU is a type of cyber attack that is organized by the attackers modifying a file checked in the system just before it is checked. As simple as this attack may sound, It takes good timing, skill and a bit of luck.
In addition, the Synacktiv team said that they contacted Tesla to fix the vulnerability and that even if the vulnerability is not resolved. He states that it is not easy to seize Teslas with such an attack..
RELATED NEWS
Incident like a comedy movie that questions the safety of Tesla cars: Accidentally got into someone else’s Tesla and drove for hours
While the team reported that due to legal reasons, they would only tell Tesla officials exactly how the hacking process took place; Synacktiv team, 100,000 dollars won the award and a new Tesla Model 3.