Tesla supports security contests and runs its own bug bounty programme. (Image credit: Tesla)
Share Post
Tesla supports security contests and runs its own bug bounty programme. (Image credit: Tesla)
A team of security researchers called Synacktiv has won $200,000 (approximately Rs. 1,66,16,200) and a brand new Tesla Model 3 for identifying a chain of exploits that could be used by malicious attackers to compromise a Tesla’s CAN (control area network) bus and ECU (electronic control unit). The flaw demonstrated by Synacktiv could theoretically allow an attacker to affect a vehicle’s engine and transmission control, battery management, powertrain, suspension, door and seat controls, telematics, and other critical parameters.
The demonstration took place at the biannual Pwn2Own hacking contest in Vancouver, Canada. The contest is backed by Trend Micro’s Zero Day Initiative, which encourages the discovery and ethical disclosure of security vulnerabilities. Tesla supports such hacking competitions with large prizes, and runs its own bug bounty programme to reward researchers for discovering exploits.
Synacktiv, which is based in France and describes itself as an “offensive security company”, won $100,000 (approximately Rs. 83,08,100) from Tesla in January this year at another Pwn2Own event in Tokyo, Japan for discovering a chain of exploits in Tesla’s infotainment system and a flaw in its modems. In March 2023, it won another Tesla Model 3 and $100,000 for successfully manipulating the Tesla Energy Gateway, which communicates with a Tesla Powerwall home energy storage system and manages how and when to charge a vehicle.
Confirmed!!! The @Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver pic.twitter.com/FcB4fTiOa7
— Zero Day Initiative (@thezdi) March 20, 2024
Tesla’s engagements with white-hat hackers and security researchers show how important cybersecurity is to the company and to the connected vehicle industry at large. Connected cars, particularly entire fleets of them, are tempting targets for malicious attackers, as they could be an easy way to target individuals or cause significant disruption on a large scale.
However, the carmaker was also in the news recently for dismissing a potential threat discovered by researchers at Mysk, who managed to clone a Tesla’s digital key in a controlled demonstration using a fake Wi-Fi hotspot and capturing a user’s Tesla account credentials.
Auto Expo Best Of Show At Auto Expo 2025: JSW MG Motor India Wins Best Car Brand Pavilion
Pratik Rakshit 21 Jan, 2025, 4:21 PM IST
Auto Expo Best Of Show At Auto Expo 2025: Hyundai Creta Electric Wins Best Global Debut
Acko Drive Team 21 Jan, 2025, 2:10 PM IST
Royal Enfield Scram 440 Launch Tomorrow
Jehan Adil Darukhanawala 21 Jan, 2025, 1:56 PM IST
Acko Drive Best of Show at Auto Expo 2025: TVS iQube Vision Wins Best Concept Bike Award
Jehan Adil Darukhanawala 21 Jan, 2025, 1:13 PM IST
Acko Drive Best of Show at Auto Expo 2025: Yamaha Motor India Wins Best Bike Brand Pavillion Award
Arun Mohan Nadar 21 Jan, 2025, 1:10 PM IST
We promise the best car deals and earliest delivery!