Successful Car Mod Without Client Loss
A hacking team from a cybersecurity studies company, Synacktiv, managed to access the infotainment and gateway systems of a Tesla Model 3 in mere minutes during their participation at the yearly Pwn2Own hacking contest, which just happened in Vancouver, BC. Fortunately, the targeted vehicle was not one owned by an actual customer.
The team was rewarded with a generous $350,000 and a shiny new Model 3 as a result of their hard work, but owners of the electric vehicle and others like it won’t be feeling too good about it. The hackers were able to “fully compromise” the car in no time at all, which is a cause for concern. Fortunately, only the Model 3’s head unit was hacked; this head unit is responsible for the infotainment and navigation systems. For safety reasons, the entire vehicle was not hacked.
Given a mere ten minutes, the members of the team had three trials to breach the security model of the Model 3: you can witness these attempts in the above-linked video beginning at the 2 and half minute mark. They snared themselves $250K by competently accessing the infotainment system simultaneously attaining this objective in less than two minutes. For that, they changed the Tesla logo with the Skynacktiv sign as an emblem of their success. The remaining $100K was earned when they tapped into the car using an Ethernet network, providing them with the ability to hypothetically open the trunk and doors of the vehicle whilst it was moving and to regulate various safety features.
Events such as Pwn2Own 2023 focus attention on potential flaws within the cyber security sector, and with the growing linkage of cars to a continually escalating number of features which are dependent on software rather than mainly hardware, the dangers facing consumers clearly call for an analysis.
“Of course, we would like to do this on a car itself,” stated Dustin Childs, the head of threat awareness at the Zero Day Initiative, “but there are too many variables that could potentially put those around the vehicle in danger, including those in close proximity to the parked cars. We’d rather err on the side of caution and conduct our tests in a safe and controlled environment.” The Zero Day Initiative pays researchers to identify potential security vulnerabilities, and while they acknowledge that Teslas have “multiple layers of security,” it’s evident that these can be bypassed.
In the past few years, vehicle hacks have increasingly been brought to the public eye. A young tech-savvy hacker aimed to reinforce this idea when they seized command of no less than 25 separate Teslas just last year. Additionally, it was discovered that Ford F-150 Lightning’s Phone-As-A-Key system can be broken into by hackers.
As reported by SecurityWeek, Tesla’s cyber protection squad went to the hacking conference in Vancouver in order to confirm the outcomes. The sophisticated electric car company will shortly make available a solution through its vehicle’s self-updating program, which should intensify security and make the cars less likely to be targets of possible attacks.