Researcher Jacob Archuleta, known on the network under the pseudonym Nullze, found that the Tesla Model 3 interface is vulnerable to DoS attacks (Denial of Service).The bug received the identifier CVE-2020-10558, and with its help, an attacker could cause the car’s main touchscreen to stop responding to user requests.
After some trial of an error, Nullze discovered that it was possible for an attacker to crash the Chromium-based interface after tricking drivers into visiting a specially crafted web page.
“The vulnerability allows attackers to remove the speedometer, web browser, climate control, turn signals, navigation, autopilot notifications, as well as other functions from the main screen”, — the specialist explains in his blog.
To exploit the vulnerability, an attacker must force the user to go to a specially crafted malicious web page. This page will provoke a crash of the Chromium browser interface and, in fact, will bring down the entire Tesla Model 3 interface. Driving a car is still possible and the vulnerability cannot pose a potential threat to the lives of passengers.
Here you can recall the old joke that it is good that Microsoft does not produce cars with the Windows interface – for example, this exploit would then be a serious threat.
To return the Tesla Model 3 display to working capacity, you will have to turn the car off and on again. Team Flouroacetate, a research duo who discovered a just-in-time (JIT) bug in the browser of a Tesla Model 3 during a Pwn2Own competition last year, inspired the avenue of attack.
Richard Zhu and Amat Cama harnessed the flaw to display their own message on the Tesla 3’s infotainment system, whereas Archuleta’s hack crashed the interface completely.
Jacob Archuleta also created a video demo of his exploit.
The researcher notified the company of the problem through an official bug bounty program on Bugcrowd.
It is known that the company rewarded Nullze for detecting a bug, but the amount of the reward was not disclosed (usually Tesla offers from 100 to 15,000 dollars for vulnerabilities).
“I earned some money from Tesla through Bugcrowd. I am attempting to learn more on it, but right now I wouldn’t consider myself an expert in the field”, — Archuleta explained.
The vulnerability was fixed with the release of firmware version 2020.4.10, in February this year.
Tesla owners who have not yet installed the update can examine the vulnerability using a proof-of-concept exploit published by Nullze.