Don’t worry, it isn’t something to be alarmed because the hackers who broke into the internet browser in a Tesla Model 3 did it at a Pwn2Own event and they are security researchers. In doing so, they won a Tesla Model 3 and $375,000 in prizes. Security researchers Richard Zhu and Amat Cam went into the Tesla 3 and within minutes exploited the vulnerability.
Tesla has been known to participate in these events and even have a bug bounty program which awards people who find bugs in their systems with cash. Other companies use events like Pwn2Own to also the scope and find issues with their systems and software.
Both Richard and Amat exploited a JIT (or “just-in-time”) bug in the Model 3′s web browser that allowed them to hack into the car’s system and display a message on the car’s dashboard display screen.
That’s a wrap! Congrats to @fluoroacetate on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo. pic.twitter.com/Q7Fd7vuEoJ
— Zero Day Initiative (@thezdi) 22 March 2019
Hacking cars has become a concern especially now that cars are evolving towards being more connected and also moving towards being autonomous.
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today,” said Tesla in a statement to TechCrunch.