Hackers could have caused a Tesla Model 3’s central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability.
A researcher who uses the online moniker Nullze discovered that the Tesla Model 3’s web interface is affected by a denial-of-service (DoS) vulnerability.
The flaw, tracked as CVE-2020-10558 and blamed on “improper process separation,” allows an attacker to cause the central display to become unresponsive.
“[The vulnerability] allows attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen,” Nullze explained in a blog post.
“To exploit the vulnerability, a user has to go to a specially crafted web page. This web page will crash the chromium-based browser interface and inherently crash the entire Tesla Model 3 interface,” he added.
The researcher pointed out that while exploitation of the vulnerability causes the central display to crash, the car can still be driven. The display starts working once the car has been turned off and turned on again.
The vulnerability was reported to Tesla through the electric car maker’s bug bounty program on Bugcrowd. The researcher was awarded an undisclosed bug bounty for his findings.
Tesla offers between $100 and $15,000 for vulnerabilities. Last year, the company awarded $10,000 to a researcher who discovered a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain vehicle information.
The company patched the flaw r ..
Support the originator by clicking the read the rest link below.
