A Tesla Model 3 has been hacked… for a good reason, as part of a computer security competition. However, the hackers were entitled to walk away with the electric car and a handsome check for $350,000. We tell you how they did it.
Cybersecurity is a broad field that is attracting more and more attention, as the media continues to demonstrate Cyberwar. Cars are no exception to the rule, as they are connected locally, via Bluetooth and Wi-Fi, or remotely, over 4G and now 5G.
A hacking competition in Vancouver
Every year, a computer security competition is held in Vancouver. Called Pwn2Own, it takes place during the CanSecWest conference dedicated to cyber security. Companies use the opportunity to test their security systems, allowing hackers to look for flaws. This year, Tesla was part of it, with its popular Model 3. The goal was to successfully enter the operating system as an administrator and restore all rights.
And a hacker broke this record, allowing him to take control of the entire car. It refers to the ability to start and fly the vehicle, even if not explicitly stated. To do this, the front door was used Bluetooth connection The infotainment system allows music to be played, especially in the passenger compartment. Once the infotainment system was hacked, it was possible to resume administrative rights.
But beware, although the video below shows the effect of the two hackers’ various exploits, not all the details have been made public yet. So, we’ll have to wait for a little more information to find out if they were able to capture the electric car only through Bluetooth or through physical access to the on-board computer. It would also be interesting to know if their technique works when the car is stationary and is turned off. In this case, Bluetooth will always be activated, allowing the car to be unlocked via an app or optional physical key.
This experience, however, allows two hackers to get away with two checks: The first is 100,000 dollars and the second is 250,000 dollars, but with a Tesla. Organizer Announces Hackers Win Tesla Model 3… But Shows Tesla Model S His tweet.
The role of white hat hackers
Anyway, this isn’t the first time hackers white caps (Ethical hackers) Enter a Tesla Model 3 during the Pwn2Own contest. For the first time in 2019, computer security researchers were able to control a car through a web browser.
Does that mean Tesla’s electric cars aren’t safe? Not really, because it is almost possible to hack any computer. Finding a potential defect requires time and resources. We saw it again with hackers recently Able to unlock dozens of cars (Hyundai, Nissan, Honda, Infiniti and Acura) use their Unique Identification Number (VIN).
What is most important is the measures taken by the manufacturer to avoid the existence of these defects and minimize the impact of their exploitation. In this case, we might wonder if the hackers could have left the car running. If this wasn’t the case, we imagine they might have opened the doors…or just started the music. Between these three cases, we can see that the risk of error is not exactly the same.
Of course, this type of convention is very useful for computer system builders, who can fill in the gaps. We should know more about the Tesla flaw in the coming weeks once the company fixes it and the hackers present their exploits.
Our colleagues at Numerama are launching What Else, their newsletter dedicated to the future movement. Register here Be sure to get the next issue!