Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

Pierluigi Paganini March 21, 2024

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack.

Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, Linux and Windows operating systems, and more.

The team Synacktiv earned $200,000 for demonstrating an integer overflow exploit against a Tesla car, the experts targeted the electronic control unit (ECU) with CAN bus control. The team also won a new Tesla Model 3.

pwn2own vancouver 2024 Tesla

In past editions of the hacking competition, the same team already demonstrated exploits against Tesla. In January the Synacktiv Team () compromised the Tesla infotainment system on the  hacking competition. The bug hunters chained two vulnerabilities to hack the Tesla infotainment system, they earned $100,000 and 10 Master of Pwn Points.

The researchers Gwangun Jung () and Junoh Lee () from cyber security firm Theori () chained an uninitiallized variable bug, a UAF, and a heap-based buffer overflow to achieve a VMware Workstation escape and execute code as SYSTEM on the host Windows OS. The team earned $130,000 and won 13 Master of Pwn points.

The researcher Manfred Paul () chained an integer underflow bug and a PAC bypass in Apple Safari to achive remote code execution on the popular browser. He earned $60,000 and 6 Master of Pwn points.

Bruno PUJOS and Corentin BAYET from software reverse engineering & vulnerability discovery company REverse Tactics () chained a buffer overflow and a Windows UAF bypass in Oracle VirtualBox to escape the guest OS and execute code as SYSTEM on the host OS. The team earned $90,000 and 9 Master of Pwn points.

The complete list of results for the first day of the Pwn2Own Vancouver 2024 hacking competition is available here:

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, Pwn2Own Vancouver 2024)



you might also like

leave a comment