White-hat cybersecurity research duo hacks Tesla car at Pwn2Own

A researcher duo taking part in the Pwn2Own competition managed to successfully breach the defences of a Tesla vehicle. As a reward, they get to keep the car.

Specifically, this is a Tesla Model 3 car. The Pwn2Own contest was held this week in Vancouver, Canada. The researcher duo goes by the name of team Fluoroacetate. They attempted to hack the car through a browser and succeeded.

This was made possible by taking advantage of the so-called JIT bug, where a hacker can execute custom code on the firmware level and show custom letters on the entertainment screen.

The Pwn2Own event is held by Trend Micro’s Zero-Day Initiative and attracts the top white-hat cybersecurity researchers from all around the globe, incentivising them to come up with an exploit against pre-defined targets.

The contest rules state that whoever succeeds to hack the car at the event not only gets to keep it, but also received a $35,000 reward.

According to a Tesla spokesperson, they are already working on a software update that will address the issue highlighted at the event. Proceeding to thank the researcher duo and commending them for their skill, they went on to state the findings will help make their vehicles safer on the road.

All in all, team Fluoroacetate also collected enough points to become the overall winners of the three-day contest. This was made possible by demonstrating their prowess hacking Firefox, Microsoft Windows 10, Apple Safari, VMware workstation and Microsoft Edge.

Out of the total $545,000 awarded at the event, the hacking duo seized a lion’s share worth $375,000.