Security researchers demonstrated multiple critical vulnerabilities in Tesla’s Wall Connector electric vehicle charger during Pwn2Own Automotive 2025 in Tokyo.
The most technically sophisticated attack came from Synacktiv, who exploited the device through its charging port using a novel downgrade attack.
Their method involved simulating Tesla vehicle communication protocols to force a firmware rollback to a vulnerable version (0.8.58), exposing debug features that allowed full device takeover.
The attack chain began by reverse-engineering Tesla’s proprietary Single-Wire CAN (SWCAN) protocol on the Control Pilot line.
Researchers built custom hardware to emulate vehicle signaling, then exploited a missing firmware signature check to install an older firmware containing debug backdoors.
Once downgraded, Unified Diagnostic Services (UDS) commands extracted Wi-Fi credentials (SSID/PSK), enabling access to a debug shell with a buffer overflow vulnerability in command parsing.

Key Exploits and Rewards

| Team | Exploit Method | Prize |
|---|---|---|
| Synacktiv | Charging port entry, firmware downgrade, buffer overflow | $45,000 |
| PHP Hooligans | Numeric range comparison flaw (CWE-839) | $50,000 |
| PCAutomotive | Previously known vulnerabilities | $22,500 |
| Summoning Team | Two-bug chain (known vulnerabilities) | $12,500 |

Synacktiv’s hardware setup included a Raspberry Pi-controlled relay system to simulate PP/CP signaling and a modified USB-CAN adapter for SWCAN communication.

The low bus speed (33.3 kbps) extended the exploit process to 18 minutes, during which they demonstrated arbitrary code execution by blinking the charger’s LED.
Tesla has since patched the vulnerability by implementing anti-downgrade mechanisms, preventing firmware rollbacks.
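
A minimal sketch of what an anti-downgrade gate looks like in an updater, as an added example that is not Tesla's code: the type and function names are hypothetical, the floor value 1.2.0 is constructed, and the signature result is assumed to come from a separate verification step over the image that carries the version field.

```c
#include <stdbool.h>
#include <stdint.h>

typedef struct { uint16_t major, minor, patch; } fw_version;
typedef enum { FW_ACCEPT, FW_MALFORMED, FW_BAD_SIGNATURE, FW_ROLLBACK } fw_verdict;

/* Strict "major.minor.patch" parser: digits only, no wraparound, no trailing bytes. */
bool fw_parse(const char *s, fw_version *out) {
    uint32_t f[3] = {0, 0, 0};
    for (int i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9') return false;       /* empty or signed field */
        while (*s >= '0' && *s <= '9') {
            f[i] = f[i] * 10 + (uint32_t)(*s++ - '0');
            if (f[i] > UINT16_MAX) return false;      /* reject instead of wrapping */
        }
        if (i < 2 && *s++ != '.') return false;       /* fields are dot-separated */
    }
    if (*s != '\0') return false;
    out->major = (uint16_t)f[0]; out->minor = (uint16_t)f[1]; out->patch = (uint16_t)f[2];
    return true;
}

/* Returns <0, 0 or >0, comparing fields from most to least significant. */
int fw_cmp(fw_version a, fw_version b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Gate run before flashing. `floor` is the lowest version the device may run
   (assumed to be kept in tamper-resistant storage). An authentic signature is
   not sufficient: an old vendor-signed image is still a rollback. */
fw_verdict fw_check_update(const char *candidate, bool signature_ok, fw_version floor) {
    fw_version v;
    if (!fw_parse(candidate, &v)) return FW_MALFORMED;
    if (!signature_ok) return FW_BAD_SIGNATURE;
    if (fw_cmp(v, floor) < 0) return FW_ROLLBACK;
    return FW_ACCEPT;
}

/* Called after a new image boots successfully; the floor only ever moves up. */
void fw_raise_floor(fw_version *floor, fw_version running) {
    if (fw_cmp(running, *floor) > 0) *floor = running;
}

int main(void) {
    fw_version floor = {1, 2, 0};                     /* constructed floor value */
    return fw_check_update("0.8.58", true, floor) == FW_ROLLBACK ? 0 : 1;
}
```
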
The event highlighted critical infrastructure risks, as compromised chargers could serve as entry points to home or business networks.
These exploits contributed to the $129,500 total awarded for Tesla charger vulnerabilities during the competition.