The software developers for Tesla models should publish security updates as soon as possible – after all, the participants in this year’s Pwn2Own Automotive hacking competition successfully attacked the electric car manufacturer’s infotainment system, among other things.
49 zero-day vulnerabilities
Advertisement
The competition, held in Tokyo, lasted three days and the majority of attack attempts were successful. This brings the teams prize money. In total, the organizer Trend Micro claims to have paid out $1.3 million.
With Pwn2Own Automotive, charging stations also had to be included.
(Picture: Zero Day Initiative)
With $450,000, Team Synacktiv leads the leaderboard by a wide margin. In total, participants discovered 49 zero-day vulnerabilities. Now it is up to the manufacturers to release security updates.
The attacks
For security reasons, there is currently no specific information about the vulnerabilities and attack patterns. It is known, for example, that Synacktiv combined three security holes to compromise the Tesla modem. The attack earned them $100,000 in prize money. The Tesla infotainment system gave up after a chain of two bugs.
In addition, several infotainment systems such as the Sony XAV-AX5500 and Pioneer DMH-WT7600NEX had to believe in it. An attack on Pheonix’s Contact CHARX SEC-3100 system failed because the time limit was exceeded.
There were also successful attacks against charging stations such as Ubiquiti Connect EV Station. An attack on the JuiceBox 40 Smart EV Charging Station was successful, but because the vulnerability was already known, there is no prize money.
It is still unclear when the first security patches will appear.
(of)