Security News > 2024 > March > Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
2024-03-21 07:07

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.

Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

Using a Windows kernel vulnerability, they can also get a $300,000 award for a successful Hyper-V Client guest-to-host escape and a privilege escalation on the host OS. During last year's Vancouver Pwn2Own, won by Team Synacktiv, hackers earned $1,035,000 and a Tesla car for 27 zero-days in Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and Tesla's Model 3.

Synacktiv also hacked the Tesla Modem and Infotainment System during the first edition of Pwn2Own Automotive in January, getting root permissions on a Tesla Modem by chaining three zero-days and demoing an Infotainment System sandbox escape via a two zero-day exploit chain.

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice.

Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo.


News URL

https://www.bleepingcomputer.com/news/security/windows-11-tesla-and-ubuntu-linux-hacked-at-pwn2own-vancouver/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
Tesla 8 0 9 4 0 13