David Berard and Vincent Dehors

0-Click RCE on the Tesla Infotainment Through Cellular Network

Abstract

This talk details the exploit chain demonstrated at Pwn2Own Automotive 2024, showcasing remote code execution (RCE) on Tesla's infotainment system via the cellular network. The attack compromised two critical systems: the connectivity card, responsible for cellular connectivity, and the infotainment system, which controls the main display in the vehicle. Additionally, the exploit chain includes a bypass of Tesla's Linux Security Module and a network sandbox escape, granting the attacker the capability to send legitimate Controller Area Network (CAN) messages and cause physical effects on the car (such as opening the doors, trunk, etc.).

BIO

David Berard is a security expert in Synacktiv's engineering team. He specializes in mobile and embedded systems reverse engineering, vulnerability research and exploit development.

Vincent Dehors has worked on the design and development of many products as a low-level software engineer. Now he is doing vulnerability research and exploit development at Synacktiv. He likes giraffes.