en

Unconventional Records: Pentesters Hacked a Tesla in Just 2 Minutes

Unconventional Records: Pentesters Hacked a Tesla in Just 2 Minutes
Datami Newsroom
Datami Newsroom Datami Newsroom
Jun 27, 2025 3 min

This record immediately brings to mind the famous Hollywood film Gone in 60 Seconds, but back in the 2000s, technology hadn’t yet evolved to today’s level - car theft still relied on brute-force methods. Today, however, all it takes to take control of a vehicle is a computer. That’s exactly what hackers demonstrated at a special 2023 competition: they hacked a Tesla in just 120 seconds - a result that caused a sensation.

The event took place in Vancouver, Canada, as part of the Pwn2Own hacking competition. Specialists from 10 countries participated, including a team of pentesters from France, who showcased two separate exploits targeting the Tesla Model 3.

The hackers gained access to critical vehicle subsystems, including those responsible for safety and control functions. This would have made it possible, for instance, to open the front trunk or doors of a Tesla Model 3 while the car was in motion. They also breached the multimedia system and achieved root access to internal components.

In one of the cases, they performed a TOCTTOU (Time-of-Check to Time-of-Use) attack targeting the Gateway energy management system. This attack took less than two minutes. In the second scenario, the researchers exploited a heap overflow vulnerability and an out-of-bounds write bug in the Bluetooth chipset. The technical specifics of these attacks were not disclosed in order to prevent real-world replication.

For demonstrating their skills, the pentester team received multiple prizes: a brand-new Tesla Model 3, as well as monetary rewards of $100,000 and $250,000.

Importantly, the specialists ensured no harm to other Tesla owners - the exploits were demonstrated on an isolated vehicle head unit. Tesla’s head units are control centers for the infotainment system, providing access to navigation, entertainment, and other features.

Pwn2Own Vancouver banner. A vibrant nighttime cityscape of Vancouver with illuminated skyscrapers reflected in the water under a starry sky.

Pwn2Own is a prestigious ethical hacking competition that showcases real-world vulnerabilities in widely used technologies. It was founded in 2007 by security expert Dragos Ruiu as a response to Apple’s reluctance to address security flaws.

The first competition was held during the CanSecWest conference, and it has since grown into a biannual event. Participants are tasked with finding and exploiting zero-day vulnerabilities in popular software or devices, hacking them under controlled conditions, and demonstrating their results. Successful attacks earn researchers both cash prizes and the targeted device itself.

Typical Pwn2Own participants include professional security researchers, Red Team specialists, corporate cybersecurity teams, academic representatives, and independent hacker enthusiasts. All competitors operate within the bounds of ethical hacking: they do not exploit vulnerabilities maliciously but instead disclose them to organizers and vendors so the issues can be responsibly patched.

free_consultation

Fill out the form below, and we’ll get in touch with you right away to discuss a plan to protect your business!

Updated: 27.06.2025
(0 assessments, average 0/5.0)

Related content

TOP 5 Largest Cryptocurrency Hacks in History Datami Newsroom
Datami Newsroom

TOP 5 Largest Cryptocurrency Hacks in History

The cryptocurrency industry is still in its formative stage, and its highly complex technologies are not always adequately protected. In addition, inexperienced users often make serious mistakes in securing their assets. This creates various opportunities

Jun 3, 2025 4 min
Datami at the Barcelona Cybersecurity Congress 2025: New Horizons in Cybersecurity Datami Newsroom
Datami Newsroom

Datami at the Barcelona Cybersecurity Congress 2025: New Horizons in Cybersecurity

Datami took part in the Barcelona Cybersecurity Congress 2025, one of Europe’s key events dedicated to cybersecurity innovations and technologies.

Jun 3, 2025
Over 480,000 Catholic Health Patients Affected by Personal Data Breach Datami Newsroom
Datami Newsroom

Over 480,000 Catholic Health Patients Affected by Personal Data Breach

The Catholic Health network, which provides medical services to residents of Western New York (USA), has reported a major data breach. As a result, confidential information about 483,000 patients was exposed and became publicly accessible on the internet.

Jun 3, 2025 3 min
Top 10 Cyberattacks That Brought Global Corporations to a Halt Datami Newsroom
Datami Newsroom

Top 10 Cyberattacks That Brought Global Corporations to a Halt

Cyberattacks today pose a serious threat not only to individual users but also to global corporations. Criminals use increasingly sophisticated methods, causing companies billions in losses and disrupting the operation of critical systems.

Jun 17, 2025 3 min
Antivirus Is Not a Shield: Why You Can’t Do Without Pentesting Datami Newsroom
Datami Newsroom

Antivirus Is Not a Shield: Why You Can’t Do Without Pentesting

Among companies, there is a common belief that installing antivirus software provides a sufficient level of security. This stems from the popularity of antivirus solutions, which are an important part of protection, but do not cover all threats.

Jun 23, 2025 3 min
Why Your Smartphone Is at Risk: 5 Common Myths About Mobile Security Datami Newsroom
Datami Newsroom

Why Your Smartphone Is at Risk: 5 Common Myths About Mobile Security

Most of us take careful care of our smartphones, protecting them from scratches, drops, or other physical damage. But when it comes to digital security, many people ignore potential threats. Cybercriminals eagerly take advantage of this negligence...

Jun 3, 2025 5 min
Back to home page
Order a free consultation
We value your privacy
We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy