Hackers break into the Tesla car web browser to win a Model 3

Well it’s certainly one way to get yourself a Model 3: hackers have successfully exploited a security hole in Tesla’s in-car browser at the Pwn2Own hacking contest, earning themselves one of the electric cars as a prize.

TechCrunch reports that Richard Zhu and Amat Cam – aka team Fluoroacetate – were able to bypass various security measures to get a message displayed on the browser.

Tesla has said it will issue a fix for the bug to prevent it being exploited in the future. Meanwhile, the Fluoroacetate team walked away from Pwn2Own with some $375,000 (about £283,700 or AU$529,100) in prize money, as well as their new car.

“We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today,” said Tesla in a statement.

Browser changes

It’s worth pointing out that the bug that Zhu and Cam exploited was limited to the browser – they weren’t able to take control of the car or anything like that.

At the same hacking conference, hundreds of thousands of dollars were paid out for bugs discovered in Apple Safari, Microsoft Edge, Microsoft Windows, VMware Workstation and Mozilla Firefox.

In other Tesla browser-related news, CEO Elon Musk announced on Twitter that the in-car software would soon be making the switch to Chromium – the same open source code that Google Chrome is built on.

Whether or not that makes the browser more secure remains to be seen, but as always, don’t try browsing the web and driving a car at the same time.

Source

Be the first to comment

Leave a Reply

Your email address will not be published.


*


13 − 8 =