Participants of the Pwn2Own software exploitation conference hacked technology from automaker Tesla twice at the Zero Day Initiative's Pwn2Own software exploitation conference, earning $350,000 and a Model 3 infotainment system.
The team from French security company Synacktiv executed a time-of-check-to-time-of-use (TOCTOU) exploit against a Tesla Gateway, then employed a heap overflow and an out-of-band write vulnerability to gain access to and compromise the Model 3.
Pwn2Own describes a TOCTOU exploit as a "file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check."
SecurityWeek said Tesla is expected to release patches to correct the flaws exposed by the Synacktiv hacks.
From PC Magazine
View Full Article
Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA
No entries found