A Tesla Model 3 has been hacked… for a good cause, as part of a computer security contest. The hackers however had the right to leave with the electric car as well as a handsome check for $350,000. We tell you how they did it.
Cybersecurity is a vast field, more and more in the spotlight, as the Cyberwar media regularly proves. Cars are no exception to the rule, since they are increasingly connected, whether locally, over Bluetooth and WiFi, or remotely, over 4G and now 5G.
A hacking contest in Vancouver
Every year, a computer security competition is held in Vancouver. Called Pwn2Own, it takes place during the CanSecWest conference, dedicated to cybersecurity. Companies take the opportunity to test their security systems, allowing hackers to look for flaws. This year, Tesla was part of it, with its famous Model 3. The goal was to gain administrator access to the operating system, with full rights.
And a hacker just pulled off the feat, allowing him to take control of the entire car. This could mean the ability to start and steal the vehicle, even though that hasn’t been explicitly announced. To do this, the entry point used was the Bluetooth connection to the infotainment system, which is used in particular to play music in the passenger compartment. Once the infotainment system was hacked, they managed to go further and gain administrative rights.
But beware, not all the details have been made public yet, despite the video below showing the result of the various exploits of the two hackers. We will therefore have to wait for a little more information to find out whether they were able to take control of the electric car via Bluetooth alone, or also needed physical access to the on-board computer. It would also be interesting to know whether their technique works when the car is stationary and turned off. In that case, Bluetooth remains enabled, so that the car can be opened via the application or the optional physical key.
This experience, however, allows the two hackers to leave with two checks: a first of 100,000 dollars and a second of 250,000 dollars, but also with a Tesla. The organizer announces that the hackers have won a Tesla Model 3… but shows a Tesla Model S in its tweet.
The role of white hat hackers
Either way, this isn’t the first time white hat hackers (ethical hackers) have broken into a Tesla Model 3 during the Pwn2Own contest. The first time was in 2019, when computer security researchers managed to take control of the car through the web browser.
Does that mean Tesla’s electric cars aren’t safe? Not really, since it is possible to hack virtually any system. It just takes time and resources to find a possible flaw. We saw it again recently with hackers who succeeded in opening dozens of cars (Hyundai, Nissan, Honda, Infiniti and Acura) using their unique identification number (VIN).
What matters most is the set of measures the manufacturer puts in place to prevent these flaws from being present and to reduce the impact of their exploitation. In this case, we can therefore wonder whether the hackers could have started the car and left with it. If not, we imagine that they could have simply unlocked the doors… or only started music. Between these three cases, the severity of the flaw is not at all the same.
Of course, this kind of conference is extremely useful for computer system builders, enabling them to close the gaps. We should know more about the Tesla flaw in the coming weeks, once the company has fixed it and the hackers present their modus operandi.