acm-header
Sign In

Communications of the ACM

ACM TechNews

Pwn2Own Hackers Breach a Tesla Twice


View as: Print Mobile App Share:

Tesla’s security response team validated the results. The automaker is expected to issue over-the-air fixes to patch the flaws, according to SecurityWeek.

Credit: Patrick Pleul/Getty Images

Participants of the Pwn2Own software exploitation conference hacked technology from automaker Tesla twice at the Zero Day Initiative's Pwn2Own software exploitation conference, earning $350,000 and a Model 3 infotainment system.

The team from French security company Synacktiv executed a time-of-check-to-time-of-use (TOCTOU) exploit against a Tesla Gateway, then employed a heap overflow and an out-of-band write vulnerability to gain access to and compromise the Model 3.

Pwn2Own describes a TOCTOU exploit as a "file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check."

SecurityWeek said Tesla is expected to release patches to correct the flaws exposed by the Synacktiv hacks.

From PC Magazine
View Full Article

 

Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account