본문바로가기

FESCARO

Future Mobility Software Solutions Partner

SCROLL DOWN




In January 2024, a team of hackers who successfully hacked a Tesla and took control of the car received a total reward of $450,000. What's even more surprising is that Tesla directly participated in paying the prize money. Let’s find out what happened.


In 2023, a whopping 95% of software-defined vehicle (SDV) cybersecurity incidents were caused remotely, with even half of them being large-scale attacks that could affect tens of millions of vehicles. Accordingly, the role of white hat hackers is becoming more important by identifying and proactively responding to automotive software vulnerabilities and preventing the spread of subsequent damage.




Pwn2Own Automotive LOGO (Source = VicOne)



Against this background, the global automotive hacking competition, Pwn2Own Automotive was held. It was significant in that it was the first exclusive automotive event of ‘Pwn2Own,’ a world-renowned hackathon famous for publicly discovering and demonstrating security vulnerabilities in various fields. It was implemented in earnest to provide a venue for discovering new automotive vulnerabilities and to publicize them to respond jointly with global automotive industry officials.

This event was operated as part of the Zero Day Initiative program of the global software security company Trend Micro. It is designed to discover zero-day vulnerabilities (new vulnerabilities for which no computer patches exist) and respond quickly to them. As it is a hacking competition specializing in automotive, it was co-hosted with VicOne, Trend Micro's automotive cybersecurity subsidiary. Also, TESLA, which has been willing to provide vehicles to Pwn2Own, appeared as the main sponsor and got together to provide prize money worth $450,000.

At the first Pwn2Own Automotive, which attracted attention globally, 9 major countries including the United States, Germany, and France participated. In addition, as future mobility was the focus, in-vehicle infotainment (IVI), electric vehicle chargers, and operating systems (OS), including Tesla vehicles, became targets of hacking, and as many as 49 new security vulnerabilities were discovered in a total of 3 days.


 The winning team, Synacktiv (Source = businesswire)



An information security company from France, Synacktiv won the competition by successfully hacking the Tesla modem (data signal conversion device), EV charger, and in-vehicle infotainment (IVI) sandbox system through vulnerability chain (a method of linking multiple security vulnerabilities). In particular, they successfully hijacked Tesla's entire IVI and gateway system over two days, vividly demonstrating the dangers of automotive cyberattacks.


FESACRO was able to get in touch about this event through the global automotive cybersecurity association Auto-ISAC. Auto-ISAC is a professional association where leading global companies such as Hyundai Motor Company, Kia, GM, and Mercedes-Benz share the latest information on automotive cybersecurity and cooperate to respond. Government agencies such as the FBI and CISA (Cybersecurity and Infrastructure Security Agency) in the United States are also participating as stakeholders and are actively working on future mobility security. FESCARO, which has great expertise in automotive cybersecurity, is at the forefront of the latest information as an Auto-ISAC community partner. By participating in various activities such as the association's technical seminars, monthly forums, and annual conferences, we feel the growing influence of white hat hackers.


FESCARO's own red team, comprised of white hat hackers, has various success stories of effectively responding to the international automotive cybersecurity regulations (UN R155) by discovering various security vulnerabilities through professional security testing. We have secured over 100 test items and 200 test cases and are continuously developing and strengthening various simulation environments. If you're curious about the details, keep an eye out for FESCAO’s presentation at Auto-ISAC’s Annual Cybersecurity Summit this fall. In addition, FESCARO's red Team, which is being recognized widely in the automotive cybersecurity field, will also soon participate in various hackathons.





List
CONTACT USquestion_mark

SITEMAP