French cybersecurity team wins a Tesla for hacking into one

The car's infotainment and security systems were breached in mere minutes at a hacking conference in Vancouver, B.C.

Jil McIntosh
Published Mar 29, 2023  •  2 minute read
Join the conversation
The Synacktiv team at Pwn2Own after hacking a Tesla
The Synacktiv team at Pwn2Own after hacking a Tesla Photo by Synacktiv

In a little less than two minutes, a team of researchers from French cybersecurity company Synacktiv hacked into the infotainment and safety systems of a new Tesla Model 3. Don’t worry, it wasn’t anything nefarious—they did it at the annual Pwn2Own 2023 hacking conference in Vancouver, B.C., in mid-March. The team ended up winning US$250,000 for their efforts—along with a brand-new example of the car they hacked.

Story continues below

Including prizes they won for hacking other issues throughout the event – they were named the top winners overall at the conference – Synacktiv eventually pocketed a total US$350,000, not including the new Tesla. The event is organized by Zero Day Initiative (ZDI), a subsidiary of a Japanese cybersecurity firm, which offers cash rewards to researchers who find security issues in products and programs. Over the three-day Pwn2Own conference, international teams discovered security breaches in such products as Adobe Reader, Microsoft SharePoint, Windows 11, and Apple macOS.

The team worked on the car’s head unit, which controls the infotainment and navigation systems. It would have been preferable to hack into the car itself, but organizers said they preferred to err on the side of caution for people or other cars around the vehicle being hacked, since the unit also controls the driving assist systems.

Recommended from Editorial

  1. Hackers are getting into EV chargers, and potentially into your data too

    Hackers are getting into EV chargers, and potentially into your data too

  2. Motor Mouth: This patent may be Ford’s dumbest idea ever

    Motor Mouth: This patent may be Ford’s dumbest idea ever

Learn more about the cars

The team was given ten minutes and three chances to hack into the car. They first got into the infotainment system and replaced the Tesla logo with that of Synacktiv; and then got into the car’s systems entirely through Bluetooth.

ZDI said it reveals the hacking details privately to the software companies involved. It then gives the companies 90 days to develop and release patches to solve the issue; after that, it reveals the flaws publicly, whether or not the patches are available.

Story continues below
We apologize, but this video has failed to load.
Try refreshing your browser, or
tap here to see other videos from our team.

The electric-car company wasn’t just picked at random. According to ZDI, it partners with several automotive technology companies, and Tesla is a willing participant in the event — in fact, Tesla had its own security team at the event to validate the team’s hack. The automaker is said to be already working on a solution to the breaches found at the event.

In 2019, a team also successfully hacked into a Tesla, also winning the top spot in the conference and taking home the car. In 2022, competitors found vulnerable spots in Tesla’s infotainment system. ZDI said that Tesla is its “single largest target” in the Pwn2Own conference since it “almost singlehandedly invented the connected car industry,” and “knows more than most what’s required to keep one step ahead of the competition and the cybercrime community,” which includes continually looking for software bugs.

Jil McIntosh picture

Jil McIntosh

Jil McIntosh specializes in new-car reviews, auto technology and antique cars, including the two 1940s vehicles in her garage.

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Join the Conversation

Trending

POPULAR VEHICLE COMPARISONS

5 Affordable EVs

Small trucks

Popular Crossover SUVs

Practical 3-row SUVs

Minivans for the whole family

Compact Cars

Luxury SUVs

Affordable AWD SUVs

Related Stories

  3. Story continues below

  4. The indie scene

    Louise Burns’ new video from her Mellow Drama LP is “Island Vacation.” Headwater is about to undertake its third European tour. A Vancouver gig is planned with Hilary Grist, Oct. 21, St. James Hall. Rococode will release an album in February, Guns, Sex And Glory. Gig: November 6, Biltmore. Try again. The David M videos now on You Tube can be seen at davidmnofun. Victoria’s Northcote has produced a four part documentary on the Nothcote website. Ska band Los Furios are hoping to participate in the London International Ska Festival held in England from May 3rd to May 6th. To get there they need your vote: enquiries@rockersrevolt.com. Deadline is November 30. Valentine Records offers a free weekly podcast at podcast@valentinerecords.net. Another Victoria act, Himalayan Bear, has his third album, Hard Time, out October 11. Same day he plays Vancouver’s Lido. Adaline’s second album, Modern Times, is due November 1. November 5, she’s at the Biltmore. Jeff Toyne, composer of music for film and TV, has been named by Playback Magazine as one of the ten writers to watch in 2011. Toyne ‘s work can be heard on Dirty Girl, which was released in selected Canadian cinemas this month.

    11 years, 7 months ago Entertainment
    The indie scene