Cyber Bites
Tesla Hacked In Paid Tokyo Automotive Competition
Hackers at Pwn2Own Automotive 2024 won $200,000 for finding vulnerabilities in Tesla’s systems. The event awarded over $1 million to improve automotive cybersecurity. As electric vehicles grow, addressing these risks becomes even more critical.
Hackers Win Big for Exposing Tesla Vulnerabilities at Automotive Cybersecurity Event
At the Pwn2Own Automotive 2024 event, organised by Trend Micro's Zero Day Initiative, a hacker team secured a $200,000 reward for successfully identifying and exploiting vulnerabilities in a Tesla's cellular modem and infotainment system.
This competition, aimed at uncovering and addressing potential security gaps in automotive technologies before they can be exploited maliciously, awarded over $1 million in total prizes.
The event, held in Japan, saw participants challenge the security of automotive electronics, with the winning team, Synacktiv, earning a cumulative $450,000 for their expertise in breaching various car-related technologies, including charging stations and a Sony infotainment system.
The initiative emphasises the importance of cybersecurity in the automotive industry by rewarding hackers for finding flaws and ensuring these vulnerabilities are shared with manufacturers for remediation, thereby enhancing the safety and reliability of automotive technologies in the face of evolving cyber threats.
The Risk With EVs
There's no doubt electric vehicles come numerous advantages to their counterparts, such as lower emissions and reduced cost over time. However, the also open up new opportunities for hackers to exploit them.
As recently as 2023 Eagers Automotive, one of Australia's largest car dealership groups, was hacked. Recently they released a statement confirming the incident:
“The company can now confirm that the incident involved unauthorised access to parts of the company’s IT systems by a third party, which accessed some data from our servers”
“The disruption is primarily impacting the company’s ability to finalise transactions for certain new vehicles which have been sold and are ready for delivery, and some aspects of the company’s service and parts operations.”
Whist the incident did not directly affect electric vehicle systems, accessing a dealership's IT systems is a step too close to comfort to compromising the cars.
Several officials have already held a forum to discuss how to manage any potential vulnerabilities, especially regarding power grids and charging.
With the US looking bolster electric vehicle (EV) adoption events such as Pwn2Own become so much more important.