/* ---- Google Analytics Code Below */

Wednesday, March 29, 2023

Teslas Being Hacked for $$

A well known kind of security breach worked on a Tesla.  Big finding reward.  Expected to be remotely fixed.

Pwn2Own Hackers Breach a Tesla Twice,   By PC Magazine, March 29, 2023

Tesla’s security response team validated the results. The automaker is expected to issue over-the-air fixes to patch the flaws, according to SecurityWeek.

Participants of the Pwn2Own software exploitation conference hacked technology from automaker Tesla twice at the Zero Day Initiative's Pwn2Own software exploitation conference, earning $350,000 and a Model 3 infotainment system.

The team from French security company Synacktiv executed a time-of-check-to-time-of-use (TOCTOU) exploit against a Tesla Gateway, then employed a heap overflow and an out-of-band write vulnerability to gain access to and compromise the Model 3.

Pwn2Own describes a TOCTOU exploit as a "file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check."

SecurityWeek said Tesla is expected to release patches to correct the flaws exposed by the Synacktiv hacks.

From PC Magazine  

No comments: