back to article Gone in 120 seconds: Tesla Model 3 child's play for hackers

A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems. The prize was awarded at the annual Pwn2Own competition in Vancouver and it wasn't Synacktiv's only win. The team …

  1. T. F. M. Reader

    Expect updates soon

    Ubuntu took a hammering... Windows 11 was also shown to have serious flaws and VMWare Workstation was also successfully cracked.

    OK, interesting and important. It would also be interesting whether there were any OSes/systems/platforms/whatever that were not cracked despite the attempts. Or were there none?

    1. Stuart Castle Silver badge

      Re: Expect updates soon

      Any software or OS vendor (and I count Microsoft, Apple and Google in that) worth their salt should have coders and other techies there. Hopefully, we'll get patches for a lot of stuff relatively soon.

      1. John Brown (no body) Silver badge

        Re: Expect updates soon

        With MS, would we even notice the extra patches? It's nearly Patch Tuesday again!

        With Google, it seems to be down to device manufactures, so not holding my breath (although my Samsung A12 just got another update last week!)

        With Apple, I have no clue. I've not properly used an Apple computer since I played with an Apple ][ many years ago :-)

        1. NoneSuch Silver badge
          Trollface

          Re: Expect updates soon

          Giving them a Tesla confuses me. I thought it was supposed to be a reward...

          1. MrDamage

            Re: Expect updates soon

            It is. Now they have a platform to test other attacks vectors, and sell them on for higher profit to three letter agencies.

          2. David 132 Silver badge
            Happy

            Re: Expect updates soon

            What you missed is that the second prize was two Teslas.

            (Paraphrasing a very old joke. I think the first time I heard it, the context was a fictional TV game show and the punchline was "...second prize, TWO weeks in Bognor!")

            1. Wzrd1 Silver badge

              Re: Expect updates soon

              The original joke was from W.C. Fields, first prize was a week in Philadelphia, second prize was two weeks in Philadelphia.

              1. Anonymous Coward
                Anonymous Coward

                Re: Expect updates soon

                The original joke was Ogg. First prize 1 week in cave with wife ...

          3. Anonymous Coward
            Anonymous Coward

            Re: Expect updates soon

            Given how vindictive El Jefe is, I'd definitely not let it drive it if I were them.

    2. Anonymous Coward
      Anonymous Coward

      @T. F. M. Reader - Re: Expect updates soon

      Nobody cares, security is always an afterthought. Otherwise we would see more OpenBSD-like systems around. And this is not a bad thing, there's a lot of money to be made.

      1. jollyboyspecial

        Re: @T. F. M. Reader - Expect updates soon

        It's been said many times before but Open BSD is likely only secure because it's so obscure. Nobody tries to find flaws because there's no mileage in finding them. In order for it to be worthwhile spending time breaking into a system there needs to be a large installed base.

        1. VoiceOfTruth

          Re: @T. F. M. Reader - Expect updates soon

          Oh dear. How little you understand.

          OpenBSD is specifically used in some places of high value. Some commercial firewalls are based on OpenBSD, i.e. at the first line of network defence. If you think there is no mileage in finding holes in firewalls, go back to security school.

          1. AdamWill

            Re: @T. F. M. Reader - Expect updates soon

            All the exploits of both Ubuntu (which it looks like they mostly just use as a proxy for "Linux in general" - most of these issues will likely turn out to affect most distros) and Windows were local user privilege escalations, which are of usually limited relevance to appliance-type devices like commercial firewalls.

      2. Wzrd1 Silver badge

        Re: @T. F. M. Reader - Expect updates soon

        Money to be made?

        Well, if one cannot be part of the solution, there's money to be made in prolonging the problem.

        I'll just get my hat...

    3. Wzrd1 Silver badge

      Re: Expect updates soon

      Yep, sounds like it's another year where everbody sucks.

      As usual.

  2. Brewster's Angle Grinder Silver badge

    Why Musk is upset that Twitter's source has leaked? Didn't he promise to open source the algorithms?*

    * Yes, pedants. I know there's a difference between algorithms and code. But does Musk? And the effect is the same: Twitter's algorithms are now open sourced.

    1. Eclectic Man Silver badge
      Facepalm

      Algorithms

      I know there's a difference between algorithms and code.

      A valid point, not everyone in position of authority knows what an algorithm is: "Nadine Dorries reportedly put her foot in it when she asked Microsoft when it was going to “get rid” of its algorithms – a feature not usually linked to the computer company."

      https://www.huffingtonpost.co.uk/entry/nadine-dorries-microsoft-algorithm-twitter_uk_62331aaee4b0d39357c37f9c

    2. DS999 Silver badge

      Because seeing the code will reveal what algorithms were NOT open sourced. You don't think he's going to open source the parts he wants to use for nefarious purposes, do you?

      This is the social media equivalent of greenwashing, he's going to pick and choose and only release the stuff that makes Twitter look good and innocent, and we'll have no way of knowing what else is not being released.

    3. CowHorseFrog Silver badge

      Most rich people are scumbags liars and a lot of other horrible attributes.

      They didnt get rich giving anything away...

      1. zuckzuckgo
        Coat

        >Most rich people are scumbags liars and a lot of other horrible attributes.

        Gives us all something to aspire to.

    4. Anonymous Coward
      Anonymous Coward

      Yes, when I read this I was immediately reminded of a major US public figure that promised repeatedly to release his tax returns - then fought tooth-and-nail to prevent them from being released.

  3. Anonymous Coward
    Anonymous Coward

    Take your pick......

    Quote: ' It concluded "GSA knowingly billed customer agencies over $10 million for services, including alleged IAL2 services that did not meet IAL2 standards." '

    Ha.......a mistake........or incompetence......or deliberate lying? Surely not lying!! No!! No!! ........

    1. Wzrd1 Silver badge

      Re: Take your pick......

      Nope. Lying about a mistake borne out of incompetence.

      You know, business as usual.

  4. Howard Sway Silver badge

    They found serious security flaws in Tesla cars and won....

    A brand new Tesla car. Never mind, you might not have it all that long, as a succession of other people "win" it who've done the same.

    1. yetanotheraoc Silver badge

      Re: They found serious security flaws in Tesla cars and won....

      It's the newest hacker bounty program, "Now you pwn it!'"

    2. DS999 Silver badge
      Trollface

      Re: They found serious security flaws in Tesla cars and won....

      A brand new Tesla car

      They should give them a stolen Tesla instead. If they are proper hackers it should be easy work for them to become its new "owner"!

  5. Eponymous Bastard
    Coat

    Disgruntled employee

    = hacker's friend = joint winner?

    I'll get my teflon outerwear.

  6. Ball boy Silver badge

    Discriminatory?

    "The report says IAL2 non-compliance was a matter of discussion as early as 2019.

    That discussion ended, according to the OIG report, when Vladlen "Dave" Zvenyach, former director of GSA's Technology Transformation Services (TTS), the group overseeing the development of the authentication service, determined that facial recognition via submitted selfies was discriminatory."

    Isn't that the whole idea of using facial recognition for authentication - that it's discriminatory? There's not a lot of point using it if can't discriminate between users! Perhaps, in context, the discrimination was that some had laptops with cameras/phones whilst other potential users didn't have the means to generate selfies.

    1. lglethal Silver badge
      Go

      Re: Discriminatory?

      More that facial recognition is bad at doing non-white people. And struggles more with women than men. So black women have a massively reduced chance of having their documentation checked correctly by facial recognition, and hence would have their authentification rejected. That would then be massively discriminatory. If it was equally bad at everyone, that would be better than being good with some and crap at others.

      Still them continuing to claim that they met the standard when they deliberately werent using the standard is utterly stupid.

      1. Brewster's Angle Grinder Silver badge
        Joke

        Kafka 101

        So you're saying it's discriminatory because it can't accurately discriminate?

        Jeez, can't an algorithm catch a break?!

      2. Cliffwilliams44 Silver badge

        Re: Discriminatory?

        So you saying all those iPhones out there owned by black women don't work with facial recognition?

        Sorry, not buying it! This is just more of the "equity" BS going on.

  7. Anonymous Coward
    Anonymous Coward

    $250b? Easy!

    Nothing a little inflation couldn't fix. Musk could be worth gajillion dollars if only a dollar wouldn't buy so many freedom fries.

    Maybe he knows someone who could help him to bigger numbers.

    1. bazza Silver badge

      Re: $250b? Easy!

      Perhaps he's planning on floating Twitter on the Zimbabwe stick market, in Zimbabwe dollars (that started off on a par with the US dollar, in 1980, and by the time it was all over in 2009 it had been rebaselined so that 1 "fourth" dollar was 10^25 of the original). Perhaps Musk has been inspired, and is doing the same with Twitter...

  8. Anonymous Coward
    Anonymous Coward

    Tesla hack

    Wear a Musk face mask.

    The car will open its doors to “Daddy”

  9. Alistair Dabbs

    Elon's response

    What was Elon's response? Call Synacktiv a bunch of pedos?

    1. CowHorseFrog Silver badge

      Re: Elon's response

      Musk fanbois dont care about any truth...

      As long as Musk is mentioned they can mentally make any statement strawberries and cream, just like religious nutters.

  10. Wzrd1 Silver badge

    So, yay!

    Last week's news delivered again today.

    I wonder, is El Reg next gonna give me last week's weather?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like