The Synacktiv team wins $100,000 and a Model 3 at Pwn2Own
@thezdi (Edited by NATA)
Tesla returned as a sponsor at the Pwn2Own 2023 event, offering cash prizes and cars to white-hat hackers who could uncover security vulnerabilities in their vehicles. The Synacktiv team, a security company based in France, took up the challenge, which successfully hacked a Tesla Model 3, earning them $100,000 and the vehicle as a prize.
Tesla Takes Cybersecurity Seriously at Pwn2Own Event
The annual Pwn2Own hacker contest is known for its high stakes, and Tesla's involvement in the event demonstrates the company's commitment to cybersecurity. This year, the electric vehicle (EV) manufacturer brought a Model 3 and a Model S as targets for hackers. Tesla offered a top prize of $600,000 plus the car to any individual or team who could display a complex exploit chain leading to a complete vehicle compromise.
Synacktiv Demonstrates Complex Exploit, Earning Top Prize
The Synacktiv team rose to the challenge, executing a Time of Check to Time of Use (TOCTOU) attack against the Tesla Energy Gateway. This type of cybersecurity vulnerability occurs when an attacker exploits the small-time window between a resource's check and use, allowing unauthorized access or modification of the resource during that brief period.
This is the second year in a row that Synacktiv has successfully demonstrated an exploit in a Tesla Model 3 at the Pwn2Own event. Last year, they managed to exploit the vehicle's infotainment system, but the complexity of the hack was not enough to win the car. This year, however, their successful TOCTOU attack earned them $100,000 and the Model 3 and 10 Master of Pwn points.
Event Highlights Vehicle Security in a Connected World
Tesla's participation in Pwn2Own highlights the importance of vehicle security as EVs become more connected and sophisticated. As technology advances, so does the need for robust security measures to protect drivers, passengers, and cars from potential cyberattacks.
Tesla recently released how the company collects and uses information about its owners and drivers. It also instructed owners on how to get information the company has and how to delete it.
By inviting white-hat hackers to test their vehicles' security systems, Tesla can gather valuable information about potential vulnerabilities and develop stronger defenses for their cars. This proactive approach to cybersecurity sets a positive example for the automotive industry and demonstrates Tesla's commitment to maintaining the highest level of safety for its customers.
Tesla’s been on a roll with Supercharger improvements lately, from the 325kW charging update for the Cybertruck, to 500kW with V4 Superchargers coming next year. While those improvements have been limited to the Cybertruck, Tesla didn’t put all their focus on their new flagship vehicle, but looked at their more affordable vehicles as well.
LFP Battery Heating
Tesla’s Superchargers can now heat LFP Batteries - those that are in the Model 3 and Model Y Rear Wheel Drive variants. This applies to Long Range and Standard Range models, which saw a limited run. This is another update included as part of the 2024 Tesla Holiday Update - which really arrived with a lot of unannounced new features and capabilities.
The change is pretty interesting - Superchargers of the V3 and V4 variety can now pre-heat batteries for Model 3 and Model Y vehicles equipped with LFP battery packs. That means those vehicles are able to get back on the road faster when it's extremely cold. Of course, Tesla still advises you to precondition before you arrive, saving drivers time and money.
Max de Zegher, Tesla’s Director of Charging, also commented on the new feature. Essentially, Tesla is inducing an AC (alternating) ripple current through the battery to warm it up. Keep in mind that Superchargers are DC charging. That means it is possible to get a cold-soaked LFP vehicle on the road 4x faster than before, assuming that it didn’t precondition at all and that it is in the worst-case scenario (below 0ºF).
In essence, Tesla is using some engineering magic to turn the circuits inside the LFP battery into an electric heater - and powering that heater through the Supercharger. An AC ripple current is a small oscillation in the DC charging current that generates heat through electrical resistance, warming up the battery. Those ripples are a byproduct of converting AC to DC and back - so Tesla is using the onboard charger to induce those ripples to warm up the battery. Definitely an innovative technique that’s really only possible with the versatility of the NACS connector.
We’re hoping Tesla can implement this across their full lineup of vehicles, but we’ll have to wait and see how it is trialed across LFP vehicles first and if it is even possible on vehicles with 2170 or 4680 battery packs.
Tesla launched two FSD updates simultaneously on Saturday night, and what’s most interesting is that they arrived on the same software version. We’ll dig into that a little later, but for now, there’s good news for everyone. For Hardware 3 owners, FSD V12.6.1 is launching to all vehicles, including the Model 3 and Model Y. For AI4 owners, FSD V13.2.4 is launching, starting with the Cybertruck.
FSD V13.2.4
A new V13 build is now rolling out to the Cybertruck and is expected to arrive for the rest of the AI4 fleet soon. However, this build seems to be focused on bug fixes. There are no changes to the release notes for the Cybertruck with this release, and it’s unlikely to feature any changes when it arrives on other vehicles.
FSD V12.6.1 builds upon V12.6, which is the latest FSD version for HW3 vehicles. While FSD V12.6 was only released for the redesigned Model S and Model X with HW3, FSD V12.6.1 is adding support for the Model 3 and Model Y.
While this is only a bug-fix release for users coming from FSD V12.6, it includes massive improvements for anyone coming from an older FSD version. Two of the biggest changes are the new end-to-end highway stack that now utilizes FSD V12 for highway driving and a redesigned controller that allows FSD to drive “V13” smooth.
It also adds speed profiles, earlier lane changes, and more. You can read our in-depth look at all the changes in FSD V12.6.
Same Update, Multiple FSD Builds
What’s interesting about this software version is that it “includes" two FSD updates, V12.6.1 for HW3 and V13.2.4 for HW4 vehicles. While this is interesting, it’s less special when you understand what’s happening under the hood.
The vehicle’s firmware and Autopilot firmware are actually completely separate. While a vehicle downloading a firmware update may look like a singular process, it’s actually performing several functions during this period. First, it downloads the vehicle’s firmware. Upon unpacking the update, it’s instructed which Autopilot/FSD firmware should be downloaded.
While the FSD firmware is separate, the vehicle can’t download any FSD update. The FSD version is hard-coded in the vehicle’s firmware that was just downloaded. This helps Tesla keep the infotainment and Autopilot firmware tightly coupled, leading to fewer issues.
What we’re seeing here is that HW3 vehicles are being told to download one FSD version, while HW4 vehicles are being told to download a different version.
While this is the first time Tesla has had two FSD versions tied to the same vehicle software version, the process hasn’t actually changed, and what we’re seeing won’t lead to faster FSD updates or the ability to download FSD separately. What we’re seeing is the direct result of the divergence of HW3 and HW4.
While HW3/4 remained basically on the same FSD version until recently, it is now necessary to deploy different versions for the two platforms. We expect this to be the norm going forward, where HW3 will be on a much different version of FSD than HW4. While each update may not include two different FSD versions going forward, we may see it occasionally, depending on which features Autopilot is dependent on.
Thanks to Greentheonly for helping us understand what happened with this release and for the insight into Tesla’s processes.
_300w.png)
