Tesla hack earns researchers $200,000


After demonstrating a working Tesla zero-day vulnerability, a team of French researchers netted $200,000 and a new Tesla Model 3 at the Pwn2Own Vancouver 2024.

The Synacktiv team researchers successfully hacked Tesla‘s electronic control unit (ECU) using a single integer overflow with Vehicle (VEH) CAN BUS Control, event organizers said.

It took the researchers less than half a minute to complete the hack and win the biggest prize on the competition’s first day.

ADVERTISEMENT

The second largest cash prize of $130,000 went to team Theori, who combined an uninitialized variable bug, a UAF, and a heap-based buffer overflow to escape VMware Workstation and execute code as SYSTEM on the host Windows OS.

Meanwhile, the third largest cash prize and second largest point number went to Manfred Paul. The researcher, who received $102,500 for his efforts, demonstrated a remote code execution (RCE) attack on the Apple Safari, Google Chrome, and Microsoft Edge browsers.

On the first day of the competition, the event’s organizers awarded contestants $732,500 for 19 unique zero-day flaws. Researchers are also awarded points to compete for the “Master of Pwn” title.