Ka-ching! Tesla infotainment system quickly hacked at security conference

Tesla arguably invented the touchscreen infotainment system as we know it, but researchers have just proven that it can be hacked.
At the annual Pwn2Own Automotive event, organized by Trend Micro’s Zero Day Initiative and focused on uncovering security flaws in automotive software and hardware, researchers have already earned hundreds of thousands of dollars by demonstrating flaws in various systems.
And the Synacktiv Team stood out by leveraging an information leak and an out-of-bounds write to compromise a Tesla infotainment unit via USB-based attack vectors.
Their effort earned $35,000 and reinforced the growing concerns about physical access vulnerabilities in connected cars. Tesla will also probably be happy.
Verified! @synacktiv.com chained two vulnerabilities - an information leak and an out‑of‑bounds write - to achieve a full win in the Tesla Infotainment USB‑based Attack category, earning $35,000 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto
TrendAI Zero Day Initiative (@thezdi.bsky.social), January 21, 2026 at 9:51 AM
That’s because in 2024, Tesla already rewarded Synacktiv, a French cybersecurity firm, with a $200,000 cash prize and a Model 3 for demonstrating a chain of attacks that could have been used by attackers to compromise a Tesla’s CAN (controller area network) bus and ECU (electronic control unit).
In theory, such a serious flaw could have allowed attackers to interfere with a Tesla car's engine and transmission control, battery management, powertrain, suspension, door and seat controls, telematics, and other critical systems.
That same year, another pair of security researchers from Mysk, an iOS app development outfit, also demonstrated how social engineering could theoretically be used to duplicate a Tesla car’s app-based key and steal the car, using nothing but a fake WiFi login page.
On day one of the 2026 Pwn2Own Automotive contest, 37 unique flaws were demonstrated successfully, with contestants claiming $516,500 in cash. This year, the competition is held in Tokyo.
Although many of the hacking groups at the show have used infotainment systems to gain unauthorized access to various vehicles, that's not the only attack vector they've exploited.
For example, the Fuzzware.io team hacked the Autel MaxiCharger car charger, securing a $50,000 reward. Other groups hacked the Phoenix Contact charging connector and the Grizzl-E Smart smart charger.
Indeed, plugging an electric car into a charger creates a data link that can be abused for many attacks, a researcher warned recently. Hackers can then attempt to steal money, data, or electricity, gain unauthorized control, or even shut down entire systems.