"Höhepunkt des zweiten Tages war jedoch ein Angriff auf das #Tesla Infotainment-System. Zwei Mitarbeiter von Synacktiv erhielten Root-Zugriff auf das System, nachdem sie einen Heap-Überlauf mit einem Out-of-Bounds-Schreibfehler kombinierten. Ihre Präsentation qualifizierte sich für einen Tier-2-Preis – was den Forschern ein Preisgeld von 250.000 Dollar bescherte."

https://www.zdnet.de/88408013/pwn2own-2023-erfolgreiche-angriffe-gegen-ubuntu-und-oracle-virtualbox/

#Pwn2Own

#Tesla #Car #Hacked_Remotely From #Drone via #Zero_Click #Exploit | Two #Researchers have shown how a Tesla — and #possibly #other_cars — can be hacked remotely #without #any_user_interaction. They carried out the #attack from a drone.

This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of #Comsecuris. The analysis was initially carried out for the #Pwn2Own 2020 #hacking_competition — the #contest offered a car and other significant #prizes for #hacking a #Tesla — but the findings were later reported to Tesla through its #bug_bounty program after Pwn2Own organizers decided to #temporarily_eliminate the automotive category due to the coronavirus #pandemic.

The attack, dubbed #TBONE, involves #exploitation of two #vulnerabilities affecting #ConnMan, an internet #connection_manager for #embedded_devices. An attacker can exploit these #flaws to take #full_control of the #infotainment_system of a Tesla #without any #user_interaction.

A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. However, the researchers explained, “This attack does not yield drive control of the car though.”

They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.

https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

TastingTraffic LLC

Founder of #SEO (Search Engine Optimization)
Founder of #RTB (Real Time Bidding)
Founder of #HFT (High Frequency Trading)

Disclaimer: https://tastingtraffic.net and/or http://JustBlameWayne.com (Decentralized SOCIAL Network) and/or its owners [http://tastingtraffic.com] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.

#Tesla #Car #Hacked_Remotely From #Drone via #Zero_Click #Exploit | Two #Researchers have shown how a Tesla — and #possibly #other_cars — can be hacked remotely #without #any_user_interaction. They carried out the #attack from a drone.

This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of #Comsecuris. The analysis was initially carried out for the #Pwn2Own 2020 #hacking_competition — the #contest offered a car and other significant #prizes for #hacking a #Tesla — but the findings were later reported to Tesla through its #bug_bounty program after Pwn2Own organizers decided to #temporarily_eliminate the automotive category due to the coronavirus #pandemic.

The attack, dubbed #TBONE, involves #exploitation of two #vulnerabilities affecting #ConnMan, an internet #connection_manager for #embedded_devices. An attacker can exploit these #flaws to take #full_control of the #infotainment_system of a Tesla #without any #user_interaction.

A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. However, the researchers explained, “This attack does not yield drive control of the car though.”

They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.

https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

TastingTraffic LLC

Founder of #SEO (Search Engine Optimization)
Founder of #RTB (Real Time Bidding)
Founder of #HFT (High Frequency Trading)

Disclaimer: https://tastingtraffic.net and/or http://JustBlameWayne.com (Decentralized SOCIAL Network) and/or its owners [http://tastingtraffic.com] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.

#Tesla #Car #Hacked_Remotely From #Drone via #Zero_Click #Exploit | Two #Researchers have shown how a Tesla — and #possibly #other_cars — can be hacked remotely #without #any_user_interaction. They carried out the #attack from a drone.

This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of #Comsecuris. The analysis was initially carried out for the #Pwn2Own 2020 #hacking_competition — the #contest offered a car and other significant #prizes for #hacking a #Tesla — but the findings were later reported to Tesla through its #bug_bounty program after Pwn2Own organizers decided to #temporarily_eliminate the automotive category due to the coronavirus #pandemic.

The attack, dubbed #TBONE, involves #exploitation of two #vulnerabilities affecting #ConnMan, an internet #connection_manager for #embedded_devices. An attacker can exploit these #flaws to take #full_control of the #infotainment_system of a Tesla #without any #user_interaction.

A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. However, the researchers explained, “This attack does not yield drive control of the car though.”

They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.

https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

TastingTraffic LLC

Founder of #SEO (Search Engine Optimization)
Founder of #RTB (Real Time Bidding)
Founder of #HFT (High Frequency Trading)

Disclaimer: https://tastingtraffic.net and/or http://JustBlameWayne.com (Decentralized SOCIAL Network) and/or its owners [http://tastingtraffic.com] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.

#Tesla #Car #Hacked_Remotely From #Drone via #Zero_Click #Exploit | Two #Researchers have shown how a Tesla — and #possibly #other_cars — can be hacked remotely #without #any_user_interaction. They carried out the #attack from a drone.

This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of #Comsecuris. The analysis was initially carried out for the #Pwn2Own 2020 #hacking_competition — the #contest offered a car and other significant #prizes for #hacking a #Tesla — but the findings were later reported to Tesla through its #bug_bounty program after Pwn2Own organizers decided to #temporarily_eliminate the automotive category due to the coronavirus #pandemic.

The attack, dubbed #TBONE, involves #exploitation of two #vulnerabilities affecting #ConnMan, an internet #connection_manager for #embedded_devices. An attacker can exploit these #flaws to take #full_control of the #infotainment_system of a Tesla #without any #user_interaction.

A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. However, the researchers explained, “This attack does not yield drive control of the car though.”

They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.

https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

TastingTraffic LLC

Founder of #SEO (Search Engine Optimization)
Founder of #RTB (Real Time Bidding)
Founder of #HFT (High Frequency Trading)

Disclaimer: https://tastingtraffic.net and/or http://JustBlameWayne.com (Decentralized SOCIAL Network) and/or its owners [http://tastingtraffic.com] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.

Referenced link: https://www.darkreading.com/application-security/hackers-score-nearly-1-million-at-device-focused-pwn2own-contest
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1602689811931975681#m

Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest https://www.darkreading.com/application-security/hackers-score-nearly-1-million-at-device-focused-pwn2own-contest by @roblemos #Pwn2Own

This Week in Security: In Mudge We Trust, Don’t Trust That App Browser, and Firefox at Pwn2Own

https://hackaday.com/2022/08/26/this-week-in-security-in-mudge-we-trust-dont-trust-that-app-browser-and-firefox-at-pwn2own/

#ThisWeekinSecurity #HackadayColumns #SecurityHacks #Pwn2Own #Mudge #News