The world’s most famous, the most lucrative hacking competition Pwn2Own 2023 opened, Tesla in the competition was hacked twice, the hacker also won $ 350,000 and a Model 3 car.
Pwn2Own is a competition organized by the Zero Day Initiative, where Pwn2Own participants earn points for each successful hack to compete for prizes and the title of overall winner. On the first day of the competition, the Synacktiv team from France, successfully executed a TOCTOU attack on Tesla Gateway. As a result, they won $100,000, 10 Master of Pwn points and a Tesla Model 3.
On the second day of the competition, the Synacktiv team again breached the Tesla, using heap overflows and OOB writes to exploit the infotainment system on the Tesla. The team won a Tier 2 award, $250,000 and 25 Master of Pwn points.
Tesla’s security response team was on hand to verify the hackers’ findings and expects to fix the vulnerabilities with an OTA update.
Synacktiv not only breached Tesla at the contest, but also Windows 11, for which they received $30,000. In the end, they took half of the total prize money, totaling $530,000 (currently about 3,641,000 RMB).