The Synacktiv team wins $100,000 and a Model 3 at Pwn2Own
@thezdi (Edited by NATA)
Tesla returned as a sponsor at the Pwn2Own 2023 event, offering cash prizes and cars to white-hat hackers who could uncover security vulnerabilities in their vehicles. The Synacktiv team, a security company based in France, took up the challenge, which successfully hacked a Tesla Model 3, earning them $100,000 and the vehicle as a prize.
Tesla Takes Cybersecurity Seriously at Pwn2Own Event
The annual Pwn2Own hacker contest is known for its high stakes, and Tesla's involvement in the event demonstrates the company's commitment to cybersecurity. This year, the electric vehicle (EV) manufacturer brought a Model 3 and a Model S as targets for hackers. Tesla offered a top prize of $600,000 plus the car to any individual or team who could display a complex exploit chain leading to a complete vehicle compromise.
Synacktiv Demonstrates Complex Exploit, Earning Top Prize
The Synacktiv team rose to the challenge, executing a Time of Check to Time of Use (TOCTOU) attack against the Tesla Energy Gateway. This type of cybersecurity vulnerability occurs when an attacker exploits the small-time window between a resource's check and use, allowing unauthorized access or modification of the resource during that brief period.
This is the second year in a row that Synacktiv has successfully demonstrated an exploit in a Tesla Model 3 at the Pwn2Own event. Last year, they managed to exploit the vehicle's infotainment system, but the complexity of the hack was not enough to win the car. This year, however, their successful TOCTOU attack earned them $100,000 and the Model 3 and 10 Master of Pwn points.
Event Highlights Vehicle Security in a Connected World
Tesla's participation in Pwn2Own highlights the importance of vehicle security as EVs become more connected and sophisticated. As technology advances, so does the need for robust security measures to protect drivers, passengers, and cars from potential cyberattacks.
Tesla recently released how the company collects and uses information about its owners and drivers. It also instructed owners on how to get information the company has and how to delete it.
By inviting white-hat hackers to test their vehicles' security systems, Tesla can gather valuable information about potential vulnerabilities and develop stronger defenses for their cars. This proactive approach to cybersecurity sets a positive example for the automotive industry and demonstrates Tesla's commitment to maintaining the highest level of safety for its customers.
Subscribe
Subscribe to our newsletter to stay up to date on the latest Tesla news, upcoming features and software updates.
Tesla has begun to reach out to customers in the United States and is offering demo drives of the Cybertruck on an invite-only basis. @brandonhd on X shared the first invite image, and it looks like it's going out quite quickly to multiple locations that have Cybertrucks on display.
Up until now, display vehicles have been for just that – looking, but no touching. Some Tesla delivery centers and showrooms have also allowed viewers to take a seat inside and open it up, but most are still locked away behind the velvet rope.
It’s exciting to see that Tesla has begun to demo them – and it can only be so long until demo drives open up to everyone.
Advisor-led Demo
This Demo Drive is led by a Tesla Advisor – while you’re driving, the advisor will be in the passenger seat, walking you through the experience. They’ll explain steer-by-wire, off-road controls, and will introduce new-to-Tesla buyers to all the features that are currently available.
The list of locations so far for demo drives appears to be fairly limited, but we will hopefully see demo drives roll out throughout the United States, and eventually Canada too. Here is the current list of city/state locations that have seen demo drive invites.
Actually Smart Summon, the successor to Tesla’s Smart Summon feature, has been confirmed to be coming as soon as next month as per Elon Musk. Colloquially known as “ASS”, Actually Smart Summon is supposed to improve on the regular Smart Summon capabilities, which have historically used ultrasonic sensors (USS) to navigate parking lots.
We’re looking forward to Actually Smart Summon, and we’re quite excited about what other features will be unlocked once it finally shows up at our doorstep.
Vision-based Improvements
ASS is supposed to bring Smart Summon to vehicles that don’t have USS – using Tesla Vision. Most recently, Tesla has brought Autopark to vehicles without USS, and Vision-based Autopark has been a huge success. It is faster, more reliable, and smoother than the older USS-based solution. It can also park and maneuver in tighter locations.
Today, Smart Summon is sometimes useful at best, usually a party trick, or downright dangerous at worst. It’s excellent and best used in straight lines, where you have a clear line of sight of the vehicle, and can stop it if doesn’t see an obstacle.
I used Smart Summon today, just before writing this article – my 2022 Model Y (with USS) – did manage to show up just fine – in a straight-line location from where I was parked, after exiting the parking spot fairly cleanly. However, I’ve previously used Smart Summon and have had the vehicle turn towards obstacles, such as cart returns or curbs. Overall, it’s a sometimes-useful feature that has a lot of drawbacks right now.
Smart Summon is also restricted to a certain distance – and it's pretty small. The max distance is shorter than most parking lots, being only about 215 ft (65m). If you’re lucky enough to park close, it's very useful to bring your car right to you.
Actually Smart Summon
ASS will bring FSD V12-like capabilities to Smart Summon – the vehicle will primarily use Vision to drive toward you (or the location you’ve indicated). ASS has been supposed to be coming since about September 2022 and has seen many delays – we’re almost at the 2-year point today.
We’re looking forward to Actually Smart Summon being able to bring the vehicle – safely – right to you. ASS is also one of the key steps towards bringing some other cool features that Elon Musk has previously mentioned – Park Seek and Banish Autopark.
We’re also hopeful that Actually Smart Summon will increase the maximum range a vehicle can be summoned, because the current range is fairly small. Alongside Park Seek and Banish Autopark, we’re closing in on a Robotaxi-based future.
Park Seek and Banish Autopark
When the FSD v12.4 showed up, Elon also mentioned that going forward, vehicles would automatically park themselves when arriving in a parking lot – Park Seek – and that if you got out of the car at the entrance to a business, you could get it to automatically park itself in the parking lot – Banish Autopark. These are two features that are needed for Robotaxi to work – which itself is delayed to October 10th of this year. We’re looking quite forward to them – as in combination with Actually Smart Summon, Tesla has reached the cusp of vehicle autonomy.
A vehicle that arrives, driverless, at the location you’re at, then drives somewhere, parks itself there, and waits for you – is the definition of a Robotaxi.
While we’re likely to have to wait for Banish Autopark and Park Seek just a bit longer, Actually Smart Summon being around the corner is exciting! Gone will be the days of having to run out to your car when you forgot your umbrella – your car will just come right to you instead.
TeslaFi logs your drives and charging sessions, letting you keep a log of your vehice's activity. We highly recommend checking them out if you use your car for business trips and would like to keep track of reimbursements, if you like to see how much you spend on charging or if you just love statistics. Visit their site and see everything they have to offer!
Tesla Android Project enables you to run Android apps in your Tesla. The platform is Open Source and you can deploy it on your own Raspberry Pi 4. Consider supporting the initiative by donating or purchasing the Compute Module 4 Bundle that delivers the best experience. Get $20 off by using the code: NotATeslaApp
The official Tesla app only notifies you if your car is broken into. By installing Sentry Pro on your phone, you will be notified for all Sentry Mode events. Stay connected and avoid potential surprises by receiving notifications. Stop constantly checking the cameras to ensure safety. Check only when necessary, save battery and get peace of mind. Get a 7 day free trial here!
Stay organized, connected, and stylish with Cyberbackpack — the #1 backpack, luggage & travel accessories for Tesla owners. We highly recommend checking them out if you commute or travel and would like a backpack or luggage that is sleek, secure and durable. View their products page and see everything they have to offer!
Enhance Auto’s innovative products elevate your Tesla experience. The customizable S3XY Buttons and Knob offer seamless control over vehicle features with a simple press or turn. Visit enhauto.com to explore their full range of products and transform your driving experience today!
Find out how to become a sponsor and have your site listed here.
Although we share official Tesla release notes, we are not affiliated with Tesla Motors. We are Tesla fans and supporters.