
Tesla supports security contests and runs its own bug bounty programme. (Image credit: Tesla)
Share Post
Tesla supports security contests and runs its own bug bounty programme. (Image credit: Tesla)
A team of security researchers called Synacktiv has won $200,000 (approximately Rs. 1,66,16,200) and a brand new Tesla Model 3 for identifying a chain of exploits that could be used by malicious attackers to compromise a Tesla’s CAN (control area network) bus and ECU (electronic control unit). The flaw demonstrated by Synacktiv could theoretically allow an attacker to affect a vehicle’s engine and transmission control, battery management, powertrain, suspension, door and seat controls, telematics, and other critical parameters.
The demonstration took place at the biannual Pwn2Own hacking contest in Vancouver, Canada. The contest is backed by Trend Micro’s Zero Day Initiative, which encourages the discovery and ethical disclosure of security vulnerabilities. Tesla supports such hacking competitions with large prizes, and runs its own bug bounty programme to reward researchers for discovering exploits.
Synacktiv, which is based in France and describes itself as an “offensive security company”, won $100,000 (approximately Rs. 83,08,100) from Tesla in January this year at another Pwn2Own event in Tokyo, Japan for discovering a chain of exploits in Tesla’s infotainment system and a flaw in its modems. In March 2023, it won another Tesla Model 3 and $100,000 for successfully manipulating the Tesla Energy Gateway, which communicates with a Tesla Powerwall home energy storage system and manages how and when to charge a vehicle.
Confirmed!!! The @Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver pic.twitter.com/FcB4fTiOa7
— Zero Day Initiative (@thezdi) March 20, 2024
Tesla’s engagements with white-hat hackers and security researchers show how important cybersecurity is to the company and to the connected vehicle industry at large. Connected cars, particularly entire fleets of them, are tempting targets for malicious attackers, as they could be an easy way to target individuals or cause significant disruption on a large scale.
However, the carmaker was also in the news recently for dismissing a potential threat discovered by researchers at Mysk, who managed to clone a Tesla’s digital key in a controlled demonstration using a fake Wi-Fi hotspot and capturing a user’s Tesla account credentials.
Toll Rates On Structured National Highways Reduced By 50%: MoRTH
Sutanu Guha 6 Jul, 2025, 12:34 PM IST
New Mahindra XUV 3XO Variant Teased Ahead Of Launch Soon
Sutanu Guha 6 Jul, 2025, 9:35 AM IST
BMW CE 04 Updated For 2025 With More Features
Sutanu Guha 6 Jul, 2025, 8:23 AM IST
Here Are The Top Five Two-wheeler News Stories Of The Week
Jehan Adil Darukhanawala 5 Jul, 2025, 1:02 PM IST
Top 5 Electric Two-wheelers Launched So Far In 2025
Jehan Adil Darukhanawala 5 Jul, 2025, 9:49 AM IST
Looking for a new car?
We promise the best car deals and earliest delivery!