Tesla charger and laptop where on screen hacker and lock sign

Tesla’s widely used Wall Connector home charging system was compromised during the January 2025 Pwn2Own Automotive competition, revealing how attackers can gain control of the device through the charging cable itself.

This groundbreaking attack targeted the Tesla Wall Connector Gen 3, a residential AC electric vehicle charger capable of delivering up to 22 kW of power and commonly installed in homes, hotels, and businesses worldwide. The vulnerability allowed researchers to achieve arbitrary code execution on the device, potentially granting attackers access to private networks where these chargers are installed.

Exploiting the Charging Connector What makes this attack particularly alarming is its use of the charging connector as the primary entry point.

Tesla charger and laptop where on screen hacker and lock signTesla charger and laptop where on screen hacker and lock sign

Researchers discovered that Tesla vehicles can update Wall Connectors through the charging cable using a proprietary protocol, a feature that had never been publicly documented or analyzed before.

“We found that Tesla cars appear to be capable of updating the Tesla Wall Connector through the charging cable,” explained the Synacktiv team in their technical report. “This feature is not publicly documented from a user perspective, and neither the hardware nor the underlying protocol has been publicly analyzed.”

Technical Details of the Attack The attack exploited communication over the Control Pilot (CP) line using Single-Wire CAN (SWCAN), a non-standard protocol for this type of application. By building a custom Tesla car simulator, the researchers were able to communicate with the charger and exploit a critical logic flaw.

Tesla charger and laptop Tesla charger and laptop

The exploit required significant technical expertise. Researchers constructed custom hardware, including a modified USB-CAN adapter, and utilized a Raspberry Pi to control relays that simulated Tesla vehicle behavior. The attack involved downgrading the Wall Connector’s firmware to an older version (0.8.58) that contained debug features not present in current releases.

Once the firmware was downgraded, attackers could extract Wi-Fi credentials for the charger’s setup network and access a TCP debug shell. The researchers then exploited a buffer overflow vulnerability in the debug shell’s command parsing logic to achieve arbitrary code execution.

“The exploit worked on the first attempt during Pwn2Own, completing in approximately 18 minutes, mainly due to the low bandwidth of the SWCAN bus,” the team reported.

Security Implications This vulnerability poses significant security risks, as Wall Connectors are typically connected to private networks. Successful exploitation could provide attackers with a foothold into home, hotel, or business networks, potentially enabling lateral movement to other connected devices.

The attack demonstrated during the competition involved making the device’s LED blink as a proof-of-concept, but the implications extend far beyond simple visual confirmation. With arbitrary code execution capabilities, attackers could manipulate charging processes, access network traffic, or use the compromised device as a launching point for broader network attacks.