Researchers break into Tesla Model 3 at hackathon

The big picture: The Zero Day Initiative works with vendors like Tesla to create a series of hacking challenges for participants to try to overcome.

• The challenges vary in difficulty: For the Tesla challenge, the easiest task involved exploiting the car's Bluetooth/Wi-Fi systems and the hardest would have resulted in a takeover of the Tesla's autopilot feature.

Details: Synacktiv's research team was able to exploit two vulnerabilities in the Tesla Model 3 — one in the Gateway energy management system and the other in the infotainment center — to gain just enough access to the car's controls that driving would be unsafe.

• In the campaign targeting the Gateway, Synacktiv's team was able to open the front of the car, as well as the doors, while the vehicle was in motion.
• To target the infotainment center, the team exploited a flaw in the Bluetooth chip set to gain what's known as "root access," which typically means intruders have the ability to download apps and other device-specific controls.
• The competition wasn't conducted on the actual vehicle itself over fears that it could impact other nearby Teslas or result in hackers being able to move the vehicle through the conference center, Dustin Childs, head of threat awareness at the Zero Day Initiative, told Axios.

The intrigue: Tesla, which is a sponsor of the Pwn2Own competition, was on-site to learn about the security flaws hackers found so they could start working on patches.

What's next: Tesla is expected to issue a patch to fix the bug hackers found within the next three months, although Childs said the automaker has historically released patches from previous Pwn2Own competitions earlier than that.

Sign up for Axios’ cybersecurity newsletter Codebook here