On March 23, the world’s most famous and highest-paying hacker competition, Pwn2Own 2023, opened. Tesla was breached twice at the event, and as a result, hackers won $350,000 and a Model 3 car.
Pwn2Own is a competition organized by the Zero Day Initiative. Participants who successfully breach a target are awarded points to compete for prizes and the title of grand champion. On the first day of the competition, the Synacktiv team from France successfully executed a TOCTOU attack on Tesla Gateway, winning $100,000, 10 Master of Pwn points, and a Tesla Model 3.
On the second day of the competition, the Synacktiv team breached Tesla again, using heap overflow and OOB write to exploit the information and entertainment system on the car, winning the Tier 2 award, $250,000, and 25 Master of Pwn points.
Tesla’s security response team verified the hackers’ findings on-site and is expected to fix these vulnerabilities through OTA updates.
In addition to breaching Tesla, Synacktiv also breached the Windows 11 system at the competition, winning $30,000. In the end, they took home half of the total prize money, a total of $530,000.
