Security News > 2024 > March > Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.
Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.
Using a Windows kernel vulnerability, they can also get a $300,000 award for a successful Hyper-V Client guest-to-host escape and a privilege escalation on the host OS. During last year's Vancouver Pwn2Own, won by Team Synacktiv, hackers earned $1,035,000 and a Tesla car for 27 zero-days in Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and Tesla's Model 3.
Synacktiv also hacked the Tesla Modem and Infotainment System during the first edition of Pwn2Own Automotive in January, getting root permissions on a Tesla Modem by chaining three zero-days and demoing an Infotainment System sandbox escape via a two zero-day exploit chain.
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice.
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo.
News URL
Related news
- Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2 (source)
- QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root (source)