Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own hacking contest in Vancouver. The attacks gave them deep access into subsystems controlling the vehicles safety and other components.
One of the exploits involved executing what is known as a time-of-check-to-time-of-use (TOCTTOU) attack on Teslas Gateway energy management system. They showed how they could then — among other things — open the front trunk or door of a Tesla Model 3 while the car was in motion. The
less than two-minute attack
fetched the researchers a new Tesla Model 3 and a cash reward of $100,000.
The Tesla vulnerabilities were among a total of
22 zero-day vulnerabilities
that researchers from 10 countries uncovered during the first two days of the three-day Pwn2Own contest this week.
In the second hack, Synacktiv researchers exploited a heap overflow vulnerability and an out-of-bounds write error in a Bluetooth chipset to break into Teslas infotainment system and, from there, gain root access to other subsystems. The exploit garnered the researchers an even bigger $250,000 bounty and Pwn2Owns first ever Tier 2 award — a designation the contest organizer reserves for particularly impactful vulnerabilities and exploits.
The biggest vulnerability demonstrated this year was definitely the Tesla exploit, says Dustin Childs, head of threat awareness at Trend Micros Zero Day Initiative (ZDI), which organizes the annual contest. They went from whats essentially an external component, the Bluetooth chipset, to systems deep within the vehicle.
Because of the risk involved in hacking an actual Tesla vehicle, the researchers demonstrated their exploits on an isolated vehicle head unit. Tesla head units are the control unit of the cars infotainment system and provide access to navigation and other features.
Some of the other significant discoveries included a two-bug exploit chain in Microsoft SharePoint that fetched Singapore-based Star Labs $100,000 in rewards, a three-bug exploit chain against Oracle Virtual Box with a Host EoP that earned Synacktiv researchers $80,000, and a two-bug chain in Microsoft Teams for which researchers at Team Viette received $75,000.
The bug discoveries have fetched the researchers a total of $850,000 in winnings. ZDI expects that payouts for vulnerability disclosures will hit the $1 million mark by the end of the contest — or about the same threshold as last year. Were heading towards another million-dollar event, which is similar to what we did last year and slightly larger than what we did at our consumer event last fall, Childs says.
Since launching in 2007 as a hacking contest largely focused on browser vulnerabilities, the Pwn2Own event has evolved to cover a
much broader range of targets and technologies
including automotive systems, mobile ecosystems, and virtualization software.
At this years event, researchers, for example, had an opportunity to take a crack at finding vulnerabilities in virtualization technologies such VMware and Oracle Virtual Box, browsers such as Chrome, enterprise applications like Adobe Reader and Microsoft Office 365 Pro Plus, and server technologies such as Microsoft Windows RDP/RDS, Microsoft Exchange, Microsoft DNS, and Microsoft SharePoint.
The available awards in each of these categories varied. Eligible exploits and vulnerabilities in Windows RDP/RDS and Exchange for example qualified for rewards of up to $200,000. Similarly, VMware ESXi bugs fetched $150,000, Zoom vulnerabilities qualified for $75,000, and Microsoft Windows 11 bugs earned $30,000.
Vulnerabilities in the automotive category — unsurprisingly — offered the highest rewards, with a total of $500,000 available for grabs to researchers who unearthed bugs in Teslas systems, including its infotainment system, gateway, and autopilot subsystems. Researchers had an opportunity to try their hand against the Model 3 and Tesla S. Those who found ways to maintain root persistence on the cars infotainment system, autopilot system, or CAN bus system had the opportunity to earn an additional $100,000. The total offered payout of $600,000 is the largest amount for a single target in Pwn2Own history.
Ironically, the browser category, which is what Pwn2Own was all about in its early years, drew no researcher interest this year. Were seeing about the same level of participation as in years past with the exception of the browser category, Childs says. No one registered for that, and we can only speculate on why that is.
So far, in the 16 years that the event has been around, researchers have discovered a total of 530 critical vulnerabilities across a range of technologies and received some $11.2 million for their contribution.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest