With a Tesla Model 3, hackers delivered the "triple whammy," remotely accessing a number of features.

Image Credit: HT Tech A Tesla Model 3 was breached by hackers using three different techniques. According to Tesla, the vulnerabilities only let the attackers control non-essential tasks; they did not give them access to the engine or other driving-related components. The security experts claim they believe they could, but they lack proof just yet. The argument is now moot because Tesla will soon release updates, though. To win $140,000 and the Tesla Model 3, researchers at Pwn3Own 2023 last week discovered three vulnerabilities in the vehicle. The security team from Synacktiv was able to remotely operate the infotainment system, the lights, the horn, the wipers, the windscreen, and the boot door thanks to the exploits. "We wouldn't be able to brake, accelerate, or turn the steering wheel, according to [Tesla]. But, based on our knowledge of the car's architecture, we cannot be certain that this is true, and we lack evidence to support it "According to Benoist-Vanderbeken, TechCrunch. Despite winning the hacked Model 3 at the event, the security expert claims that the team does not have access to a Tesla. He did not explain why they do not own the vehicle, but he did say that his team is eager to verify Tesla's claim. Tesla has not publicly addressed the vulnerabilities, but it has suggested that its developers are working on fixes that should be available in a soon-to-be-released over-the-air update. Tesla is "doing an excellent job" of hardening its systems, according to the Synacktiv team, to the credit of the automobile manufacturer. A "mature" system of sandboxes that isolates one component from another was one of the team's more challenging obstacles. Attackers are prevented from accessing one system by compromising another by such compartmentalization. Vincent Dehors, a Cyber Security Engineer at Synacktiv, compared the security of Tesla to that of mobile web browsers. It's not quite at the level of a current browser operating on an iPhone or an Android, but Dehors claimed it's not that far off. Because Tesla vehicles are so well-connected to the internet, they must be secure because they are more likely to be a target than other vehicles. Image Credit: Car Trade A Bluetooth hack was the initial weakness that allowed them entry. The second was a vulnerability that gave the hackers root access to at least one system on the Model 3 and let them run any code they wanted. The "security gateway," which manages some commands transmitted to the automobile, was hacked by the third flaw. As is common for the Pwn2Own event, the host Trend Micro alerted Tesla to the zero-day flaws so that it would have a chance to close the gaps before making the details of the hacks public in around 90 days. Tesla informed Synacktiv that while having access to some basic features that would, at worst, irritate the owner, its team would not have been able to carry out essential tasks like starting the engine or twisting the steering wheel. Tesla's assertion, according to one of Synacktiv's reverse engineers named Eloi Benoist-Vanderbeken, might not be accurate. "We wouldn't be able to brake, accelerate, or turn the steering wheel, according to [Tesla]. But, based on our knowledge of the car's architecture, we cannot be certain that this is true, and we lack evidence to support it "According to Benoist-Vanderbeken, TechCrunch. Despite winning the hacked Model 3 at the event, the security expert claims that the team does not have access to a Tesla. He did not explain why they do not own the vehicle, but he did say that his team is eager to verify Tesla's claim. Tesla has not publicly addressed the vulnerabilities, but it has suggested that its developers are working on fixes that should be available in a soon-to-be-released over-the-air update. Tesla is "doing an excellent job" of hardening its systems, according to the Synacktiv team, to the credit of the automobile manufacturer. Image Credit: Simplilearn A "mature" system of sandboxes that isolates one component from another was one of the team's more challenging obstacles. Attackers are prevented from accessing one system by compromising another by such compartmentalization. Vincent Dehors, a Cyber Security Engineer at Synacktiv, compared the security of Tesla to that of mobile web browsers. It's not quite at the level of a current browser operating on an iPhone or an Android, but Dehors claimed it's not that far off. Because Tesla vehicles are so well-connected to the internet, they must be secure because they are more likely to be a target than other vehicles. Read More: The Best Hacking Gadgets For Hackers It's important to note that Synacktiv dominated the opposition and won the three-day battle to claim the title of "Masters of Pwn." The professional pen testers defeated Star Labs, who came in second, by a score of 53 to 19.5, gaining more than half of the $1,035,000 in prizes and a Tesla Model 3.