The analysis was initially carried out for the Pwn2Own 2020 hacking competition the contest offered a car and other significant prizes for hacking a Tesla but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.
The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.
A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes.
They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters. They claimed the exploit worked against Tesla S, 3, X and Y models.
Adding a privilege escalation exploit such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware in the Tesla car, turning it into an access point which could be used to exploit other Tesla cars that come into the victim car’s proximity. We did not want to weaponize this exploit into a worm. Tesla patched the Vulnerabilities in October 2020
The researchers learned that the ConnMan component is widely used in the automotive industry, which could mean that similar attacks can be launched against other vehicles as well.