Communications of the ACM

ACM TechNews

Pwn2Own Hackers Breach a Tesla Twice

Tesla’s security response team validated the results. The automaker is expected to issue over-the-air fixes to patch the flaws, according to SecurityWeek.

Credit: Patrick Pleul/Getty Images

Participants hacked technology from automaker Tesla twice at the Zero Day Initiative's Pwn2Own software exploitation conference, earning $350,000 and a Model 3 infotainment system.

The team from French security company Synacktiv executed a time-of-check-to-time-of-use (TOCTOU) exploit against a Tesla Gateway, then employed a heap overflow and an out-of-band write vulnerability to gain access to and compromise the Model 3.

Pwn2Own describes a TOCTOU exploit as a "file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check."

SecurityWeek said Tesla is expected to release patches to correct the flaws exposed by the Synacktiv hacks.

From PC Magazine


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA

