A group of security researchers have, once again, proven that Tesla vehicles’ high-tech software and systems are easily exploited. At Zero Day Initiative’s Pwn2Own 2023 hacking competition this week, cybersecurity firm Synacktiv successfully cracked both Tesla’s infotainment and Gateway networks in a Model 3 car, as first reported in a Zero Day blogpost.
As the “Pwn2Own” name of the contest suggests, the researchers subsequently won the vehicle—along with a combined cash prize of $350,000 for the two achievements.
On Wednesday, Snyactiv’s white hat hackers breached the Model 3's Gateway system. Tesla’s Gateway is an energy management interface that communicates between Tesla vehicles and Tesla Powerwalls— the company’s home grid system. Though the security researchers weren’t working on an actual vehicle, the breach would’ve theoretically allowed them to open the car’s doors and front hood, per an Axios report.
The following day, Synactiv was also able to “exploit the infotainment system” on a Tesla and gain extensive enough access to potentially “take over the car,” according to a tweet from the cybersecurity firm. Zero Day, too, seemed to back up this assessment in its own post announcing an increased prize for the accomplishment.
Combined and applied maliciously, the hacks would’ve easily rendered a Tesla car unsafe to drive. Thankfully, they were confined to the corporate sponsored competition. To the company’s credit, Tesla put its tech up for the test, and will almost certainly patch the security flaws uncovered at Pwn2Own.
That said, this is far from the first time that security researchers and hackers have broken into a Tesla. Last year, a white hat uncovered a vulnerability that could lead to one of the EVs being stolen. Also in 2022, a teenager claimed to have breached an entire global fleet of 25 different Teslas—and be able to run remote commands on those vehicles. Additional past hacks have demonstrated security vulnerabilities in the cars’ key fobs and data security systems.