Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
2021-05-03 12:29

Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction.

The analysis was initially carried out for the Pwn2Own 2020 hacking competition - the contest offered a car and other significant prizes for hacking a Tesla - but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.

They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters.

"Adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car's proximity. We did not want to weaponize this exploit into a worm," Weinmann said.

Over the past years, cybersecurity researchers from several companies have demonstrated that a Tesla can be hacked, in many cases remotely.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/05AITg-JYng/tesla-car-hacked-remotely-drone-zero-click-exploit

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-01-29 | CVE-2021-3347 | Use After Free vulnerability in multiple products. An issue was discovered in the Linux kernel through 5.10.11. (local; low complexity; linux, debian, fedoraproject; CWE-416) | 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Tesla 8 0 9 4 0 13