Tesla Model 3 hacked by cybersecurity team in minutes

Researchers from French cybersecurity firm Synacktiv won $350,000 and a new Tesla Model 3 at a security conference by hacking into the gateway and infotainment subsystems of the vehicle in less than two minutes.

During the Pwn2Own 2023 hacking conference held in Vancouver, British Columbia, last week, Synacktiv's so-called ethical hackers were able to "fully compromise" the electric vehicle, gaining control of its safety systems and breaking into its infotainment system.

They hacked into the Tesla's head unit instead of the entire vehicle for safety reasons. The head unit controls the car's infotainment and navigation systems.

"Of course, we would like to do this on a car itself but there are just too many variables that would make it potentially dangerous for those around the vehicle, including the building vehicles parked by, so we do not want to take that chance. We prefer a nice controlled environment," Dustin Childs said in a video of the event available on YouTube.

Childs is head of threat awareness at the Zero Day Initiative, which runs bug bounty programs that pay researchers to find security breaches. Zero Day Initiative is owned by Trend Micro, a Japanese cybersecurity company that organizes the annual Pwn2Own conference.

Synacktiv's hackers had 10 minutes to attempt three hacks on the Model 3.

Synacktiv's team took over the car's interactive infotainment system. They punctuated the feat by replacing Tesla's logo with a Synacktiv logo. The hack earned Synacktiv's team $250,000. In the other hack, the team earned $100,000 and a new Tesla Model 3 for fully tapping into the car via an Ethernet network.

Synacktiv's white hat hackers breached the Model 3's Gateway system, an energy management system that communicates between a Tesla vehicle and the Tesla Powerwall, a backup electrical system for homes based on the company's battery technology.

The hacks were confirmed by a Tesla security response team in Vancouver to monitor the process.

Tesla is expected to fix the bugs via the vehicle's self-updating system, according to a Security Week report.

With their hack that entirely compromised the vehicle's head unit, Synacktiv was capable of opening the Tesla's trunk and doors while it was in motion, according to a Dark Reading report.

In 2022, a security researcher was able to demonstrate how to unlock the doors and start the electric motor of Tesla's S and Y models.

Representatives from Tesla, Synacktiv and Pwn2Own were not available to reply to Automotive News' queries about the hacking contest.