Tag Archive for: Tesla

Security Researchers Win Second Tesla At Pwn2Own


A team of French security researchers have won a Tesla Model 3 and $200,000 after finding a zero-day vulnerability in a vehicle’s electronic control unit (ECU).

The Synacktiv team were at the top of the leaderboard after one day of Pwn2Own Vancouver 2024, the latest hacking contest held by Trend Micro’s Zero Day Initiative (ZDI).

Little is known about the vulnerability, as all bugs discovered during the course of the competition are responsibly disclosed to the relevant vendor for patching. However, what we do know is that Synacktiv used a single integer overflow flaw to exploit a Tesla ECU with Vehicle (VEH) CAN BUS Control. This is the second car they’ve won in Pwn2Own competitions.


Day one of the contest saw the ZDI hand out $732,500 for 19 unique zero-day vulnerabilities, which will ultimately help the vendors participating in the competition make their products more secure.

Other highlights included Manfred Paul, who was awarded a total of $102,500 on the day after achieving remote code execution (RCE) on Apple Safari with an integer underflow bug and demonstrating a PAC bypass using a weakness in the same browser.

In round two of the contest, he executed a double-tap exploit on both Chrome and Edge browsers with a rare CWE-1284 “improper validation of specified quantity in input” vulnerability.

Just behind Paul on the Pwn2Own leaderboard is South Korean Team Theori, which earned $130,000 after combining an uninitialized variable bug, a use-after-free (UAF) vulnerability and a heap-based buffer overflow to escape VMware Workstation and then execute code as SYSTEM on the host Windows OS.

Competitors in Vancouver yesterday also received prize money for finding zero-days in Adobe Reader, Windows 11, Ubuntu Linux and Oracle VirtualBox.

A total of $1.3m is up for grabs in cash and prizes across the three-day event.


Hackers break into Tesla autopilot with €600 equipment


A team of German computer science students have broken into Tesla’s in-car operating system and autopilot with basic equipment that cost only €600.

For some years hackers have been testing the electric carmaker’s defences, usually without much to show for their efforts.

In March one group of cybersecurity experts based in France took less than two minutes to gain access to some of a Tesla vehicle’s onboard computers from a distance, allowing them to turn the lights on and off, honk the horn and activate the windscreen wipers.


Five months later security researchers in Germany cracked the processor in another Tesla system, highlighting a vulnerability that could allow technologically adept or unusually parsimonious drivers to trick the system into unlocking features they have not paid


New Agent Tesla Variant Uses Excel Exploit to Infect Windows PC


The new Agent Tesla variant exploits the CVE-2017-11882/CVE-2018-0802 vulnerability to execute the malware.

Key Findings

  • A new variant of the Agent Tesla malware family is being used in a phishing campaign.
  • The malware can steal credentials, keylogging data, and active screenshots from the victim’s device.
  • The malware is spread through a malicious MS Excel attachment in phishing emails.
  • The malware exploits an old security vulnerability (CVE-2017-11882/CVE-2018-0802) to infect Windows devices.
  • The malware ensures persistence even when the device is restarted or the malware process is killed.

New Agent Tesla Variant Detected in Malicious Phishing Campaign

FortiGuard Labs threat researchers have detected a new variant of the notorious Agent Tesla malware family used in a phishing campaign. Report author Xiaopeng Zhang revealed that the malware can steal “credentials, keylogging data, and active screenshots” from the victim’s device. Stolen data is transferred to the malware operator through email or the SMTP protocol. The malware mainly infects Windows devices.

For your information, Agent Tesla malware is also offered as a Malware-as-a-Service tool. The malware variants use a data stealer and a .NET-based RAT (remote access trojan) for initial access.

How Phishers Trap Users

This is a phishing campaign, so initial access is gained through a phishing email designed to trick users into downloading the malware. The email is a Purchase Order notification that asks the recipient to confirm their order from an industrial equipment supplier.

The email contains a malicious MS Excel attachment titled Order 45232429.xls. Instead of using a VBS macro, this document is in OLE format and contains crafted equation data that exploits an old RCE vulnerability tracked as CVE-2017-11882/CVE-2018-0802.

This vulnerability causes memory corruption in the EQNEDT32.EXE process and allows arbitrary code execution through the process hollowing method, in which a hacker replaces the executable file’s code with malicious code.

The shellcode downloads and executes the Agent Tesla file (dasHost.exe) from this link “hxxp://2395.128.195/3355/chromium.exe” onto the targeted…


Tesla Hackers Find ‘Unpatchable’ Jailbreak to Unlock Paid Features for Free



A security researcher and three PhD students from Germany have reportedly found a way to exploit Tesla’s current AMD-based cars to develop what could be the world’s first persistent “Tesla Jailbreak.”

The team published a briefing ahead of their presentation at next week’s Black Hat 2023. There, they will present a working version of an attack against Tesla’s latest AMD-based media control unit (MCU). According to the researchers, the jailbreak uses an already-known hardware exploit against a component in the MCU, which ultimately enables access to critical systems that control in-car purchases, and perhaps even tricks the car into thinking these purchases are already paid for.


“Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities,” wrote the researchers in the briefing. “More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.”

Separately, the attack will allow researchers to extract a vehicle-specific cryptography key that is used to authenticate and authorize a vehicle within Tesla’s service network.

According to the researchers, the attack is unpatchable on current cars, meaning that no matter what software updates are pushed out by Tesla, attackers—or perhaps even DIY hackers in the future—can run arbitrary code on Tesla vehicles as long as they have physical access to the car. Specifically, the attack is unpatchable because it’s not an attack directly on a Tesla-made component, but rather against the embedded AMD Secure Processor (ASP) which lives inside of the MCU.

The specifics of this attack are unclear, at least until next week’s talk, but researchers say that they use “low-cost, off-the-shelf hardware” to accomplish it. This attack is complicated, but using a previous presentation at Black Hat 2022 given in part by Niklas Jacob…
