January 25, 2024 at 03:52PM
Researchers at Pwn2Own 2024 in Tokyo compromised multiple electric vehicle chargers, operating systems, and Tesla components, uncovering numerous zero-day vulnerabilities. They earned $722,500 in winnings on the first day alone. Synacktiv’s notable achievements include exploits of various EV charging stations and Tesla systems, highlighting the growing complexity and security concerns in modern vehicles.
Key takeaways from the meeting notes:
1. Researchers at Pwn2Own 2024 in Tokyo compromised electric vehicle chargers, operating systems, Tesla components, and discovered numerous zero-day vulnerabilities. The event has shed light on the security issues within the automotive industry.
2. Synacktiv, the team that breached a Tesla Model 3 last year, made notable exploits against various components including Tesla’s modem and infotainment system at this year’s event.
3. The growing attack surface of vehicles due to the addition of wireless connectivities and remote access capabilities has highlighted the need for enhanced cybersecurity measures in the automotive industry.
4. There’s a conundrum in managing IT equipment alongside safety-critical machinery in cars, especially with the disparate product life cycles between IT and OT tech.
5. The meeting explores two potential paths for vehicle cybersecurity at the infotainment level: relying on external devices (such as smartphones) for infotainment functions, or licensing operating systems from big companies like Google. The industry must address these challenges to ensure comprehensive vehicle security.
6. Manufacturers and the industry at large need to invest in cybersecurity, conduct audits, and actively work towards making vehicles more resilient against hacking. There may be a need for regulatory intervention to push the industry towards adopting stronger cybersecurity measures.