Tesla 'Hacked' Four Times In A Single Day: Is The Company's Security On Thin Ice?

Tesla owners are facing a cybersecurity crisis after hackers breached the company's systems four times in a single day. This unprecedented series of attacks has raised serious concerns about the safety of Tesla vehicles and the security of its extensive network.

However, it's important to note that these incidents were 'ethical hacks' conducted by cybersecurity researchers. They took part in a 'bug bounty' programme, where they were rewarded for identifying and reporting security vulnerabilities in Tesla's systems. This initiative not only helps Tesla enhance its security measures but also underscores the growing importance of robust cybersecurity for automotive companies.

Examining the Four Tesla Hacks

While full technical details of the exploits and vulnerabilities will remain confidential for 90 days to give Tesla time to implement fixes, Forbes has provided initial insights into the successful zero-day attacks carried out during day two of the Pwn2Own Automotive event - a prestigious hacking competition with a history dating back to 2007.

The PHP Hooligans hacking team exploited a zero-day vulnerability in the Tesla Wall Connector, causing it to crash. According to the report, the exploit used a 'Numeric Range Comparison Without Minimum Check bug (CWE-839),' which earned the team a £40,367.50 ($50,000) bounty.

A Synacktiv hacking team exploited a critical logic flaw in Tesla's Wall Connector, earning a £36330.75 ($45,000) bounty at the Pwn2Own competition. While not strictly zero-days, two further teams successfully attacked Tesla, exploiting known vulnerabilities in a technique known as a 'collision.'

The PC Automotive team, consisting of Radu Motspan, Polina Smirnova, and Mikhail Evdokimov, successfully exploited the Tesla Wall Connector, earning a £18165.38 ($22,500) bounty. Separately, Sina Kheirkhah from the Summoning Team also exploited the Tesla Wall Connector using a two-vulnerability chain, earning a £10091.88 ($12,500) reward.

Hackers Capitalise On Vulnerabilities In A Single Day Of Exploits

Pwn2Own, a prestigious hacking competition with a storied history dating back to 2007, consistently attracts the world's top ethical hackers and security researchers, solidifying its reputation as a premier event in the field.

These hackers compete against the clock, vying to be the first to exploit zero-day vulnerabilities in a diverse range of targets, from smartphones to printers and routers. That is an exploit using a vulnerability that is unknown to the vendor. For the second year running, Pwn2Own, organised by the Trend Micro Zero-Day Initiative, has seen an automotive-exclusive event.

Tesla At Pwn2Own: When Hackers Strike

For the second consecutive year, Pwn2Own, organised by the Trend Micro Zero-Day Initiative, has featured an exclusive automotive event. Last year's Pwn2Own Automotive competition was lucrative for hackers, with a total of £1068729.56 ($1,323,750) in rewards distributed over three days.

This year's event, held from 22nd to 24th January in Tokyo and co-sponsored by Tesla, has added the Tesla wall charger to its roster of hacking targets.

On day two of the Pwn2Own competition, hackers successfully targeted the Tesla wall charger, earning a total of £104551.82 ($129,500) in zero-day bounties. In a single day of the Pwn2Own competition, hackers earned £104551.82 ($129,500) by successfully compromising Tesla targets.

Hacking Tactics Evolving

While we're accustomed to headlines about massive data breaches and smartphone hacks, the threat landscape extends beyond passwords and personal devices. Our vehicles are also targets, as evidenced by a recent report detailing 13 security vulnerabilities impacting Mercedes-Benz owners.

These successful hacks serve as a critical reminder for automakers and consumers alike that robust cybersecurity measures are essential to ensure the safety and security of our increasingly connected vehicles.