Hackers Digitally Invade Tesla Model 3, Winning One

by Matt Posky

Computer experts successfully broke a Tesla Model 3 at the “Pwn2Own” hacking event held recently in Vancouver. However, Tesla Motors isn’t biting its nails over someone finding vulnerabilities in its system, as it was privy to the plan. The automaker has operated a “bug bounty program” for the past 4 years, rewarding anyone who can pull it off — going so far as saying it wouldn’t void a vehicle’s warranty if a customer successfully hacked it in “good faith.” It even offered a maximum reward of $15,000 (USD) last year.

Meanwhile, the group that managed to break the Model 3 in Canada this month received more than a sack of cash from the automaker.

In addition to a corporate blessing for some top-shelf, white-hat hacking, Tesla provided the group with a car of their own, according to Electrek:

Amat Cama and Richard Zhu of team Fluoroacetate targeted the infotainment system on the Tesla Model 3 and used “a JIT bug in the renderer” to manage to take control of the system.

For exposing the vulnerabilities and giving the automaker the opportunity to improve its software security, Tesla is giving them the Model 3.

It’s adding to several more prizes won by team Fluoroacetate during the competition.

The hack job was apparently no cakewalk. Electrek reports that the team only managed to find a functional exploit on the last day of competition, though they were quite busy for the duration — often working on other challenges.

“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us,” said David Lau, Vice President of Vehicle Software at Tesla, leading up to the event. “Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community.”

He added, “We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”

Unlike its beta-tested Autopilot system, Tesla’s approach to digital security is admirable and decidedly wise. Rather than penalize individuals who break its system, it’s been rewarding them — giving hackers an incentive to work with the company, rather than against it. Back in 2016, Keen Security Labs remotely hacked the Tesla Model S through a malicious wifi hotspot. It identified the vulnerability and went to Tesla first, who promptly fixed the exploit. The automaker has reportedly given away hundreds of thousands of dollars in rewards to hackers who’ve exposed vulnerabilities in its systems.

[Image: Tesla]


Comments
  • Inside Looking Out on Mar 25, 2019

    Very wise approach from Tesla. It cost them less than hiring an expert as a consultant or permanent position.

  • ToolGuy on Mar 26, 2019

    I have discovered a vulnerability in the paint adhesion of my mid-90's GM pickup - do I get a free truck?

    • Erikstrawn on Mar 26, 2019

      No, but you can get $15,000 off the original MSRP of any mid-90's GM pickup you find at Pull-A-Part.
