Security24.03.2023

Hacking team wins a second Tesla Model 3 and R6.5 million at Pwn2Own

Cybersecurity firm Synacktiv won $360,000 (R6.5 million) and a second Tesla Model 3 on day two of the 2023 Pwn2Own competition in Vancouver, Bleeping Computer reports.

Team members David Berard and Vincent Dehors earned the company $250,000 (R4.5 million) by hacking the Tesla Model 3 via a heap overflow, and an out-of-bounds write exploit chain.

They also took home the car itself as a reward, and the company earned a further $110,000 (R2 million) for successful Oracle VirtualBox and Ubuntu Desktop Exploits.

The team’s Thomas Imbert and Thomas Bouzerar exploited a three-bug chain to escalate privileges on a VirtualBox host.

Another team member, Tanguy Dubroca, showcased a zero-day to escalate privileges on Ubuntu Desktop.

Ten zero days were successfully exploited on the second day of the competition.

Other notable hacks included Team Viettel’s 2-bug chain exploit for Microsoft Teams and its successful exploitation of a use-after-free bug and an uninitialised variable on Oracle’s VirtualBox.

The team took home $118,000 (R2.1 million) on the day.

Synacktiv’s success on day two follows its significant winnings on the first day of the 2023 Pwn2Own competition.

On day one, the company earned $140,000 (R2.5 million) for successfully hacking a Tesla Model 3 and using a time-of-check-to-time-of-use (TOCTOU) zero-day vulnerability to elevate privileges on macOS.

Synacktiv’s team also used a TOCTOU attack against the Tesla and won the vehicle in addition to the prize money.


Now read: Linus Tech Tips main YouTube channel hacked

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter