Pwn2Own: Tesla Model 3 hacked, hackers win $250K and a Tesla Model 3
Members of ethical hacking and security firm Synacktiv showing a successfully compromised Tesla Model 3 infotainment system, with their logo shown as proof. (Source: Zero Day Initiative)

A pair of ethical hackers from offensive security company Synacktiv hacked into a Tesla Model 3 during the Pwn2Own contest held in Vancouver, Canada on March 22, 2023. The researchers exploited multiple vulnerabilities in the Model 3’s infotainment system and took control of the vehicle’s brakes, headlights, and other systems. They also displayed a message on the car’s screen, proving that they had taken control.

The researchers, David Berard and Vincent Dehors of Synacktiv, initially were awarded $100K. But upon further review by the Zero Day Initiative, the organization holding the Pwn2Own conference, the pair actually qualified for $250K in prize money.

Synacktiv participants in the contest combined with winnings of $530K across the three-day event.

The hack is significant because it shows that even highly secure systems like Tesla’s can be breached, given enough time and resources. Tesla has heavily invested in cybersecurity efforts in the past, giving away a Model 3 to a pair of researchers demonstrating successful exploits in 2019.

The Pwn2Own contest is an annual event that challenges security researchers to find vulnerabilities in a range of different systems, including cars, computers, and smartphones. This year’s contest was sponsored by Tesla, among others.

The Zero Day Initiative – the organization running Pwn2Own – posting that Synacktiv, an offensive security company participating in the event, used an exploit against the Tesla infotainment system and has won $100K and a Tesla Model 3 in the Pwn2Own conference. The award money would later be upgraded to $250K. A Tesla Model S is shown in error. (Source: Twitter)

Tesla has long been considered one of the most secure car manufacturers, thanks in part to its use of over-the-air software updates that can quickly patch vulnerabilities. However, this hack shows that there is always a risk of attack, no matter how secure a system may seem.

Tesla has already issued a software update to fix the vulnerability exploited in the Pwn2Own contest. The company said that it had been working with the researchers before the event to identify and fix any potential vulnerabilities.

Tesla also said that it would continue to work with the security research community to improve the security of its vehicles. The company has a bug bounty program that rewards researchers who find vulnerabilities in its systems, and it has worked with researchers to fix issues in the past.