Tesla Wall Connector Charger Hacked Through Charging Port in 18-Minute Attack

Tesla’s popular Wall Connector home charging system was exploited during the January 2025 Pwn2Own Automotive competition, demonstrating how attackers could gain control of the device through the charging cable itself.

The groundbreaking attack targeted the Tesla Wall Connector Gen 3, a residential AC electric vehicle charger capable of delivering up to 22 kW of power and commonly installed in homes, hotels, and businesses worldwide.

The vulnerability allowed researchers to achieve arbitrary code execution on the device, potentially providing attackers with access to private networks where these chargers are installed.

Tesla Wall Connector Charger Hacked

What makes this attack particularly concerning is its use of the charging connector as the primary entry point. The researchers discovered that Tesla vehicles can update Wall Connectors through the charging cable using a proprietary protocol, a feature that had never been publicly documented or analyzed before.

“We found that Tesla cars appear to be capable of updating the Tesla Wall Connector through the charging cable,” the Synacktiv team explained in their technical report. “This feature is not publicly documented from a user perspective, and neither the hardware nor the underlying protocol has been publicly analyzed.”

The attack exploited communication over the Control Pilot (CP) line using Single-Wire CAN (SWCAN), a non-standard protocol for this type of application. By building a custom Tesla car simulator, the researchers could communicate with the charger and exploit a critical logic flaw.

The exploit required significant technical sophistication. Researchers built custom hardware, including a modified USB-CAN adapter, and used a Raspberry Pi to control relays that simulated Tesla vehicle behavior. The attack involved downgrading the Wall Connector’s firmware to an older version (0.8.58) that contained debug features not present in current releases.

Once the firmware was downgraded, attackers could extract Wi-Fi credentials for the charger’s setup network and access a TCP debug shell. The researchers then exploited a buffer overflow vulnerability in the debug shell’s command parsing logic to achieve arbitrary code execution.

“The exploit worked on the first attempt during Pwn2Own, completing in approximately 18 minutes, mainly due to the low bandwidth of the SWCAN bus,” the team reported.

The vulnerability poses significant security risks since Wall Connectors are typically connected to private networks. Successful exploitation could provide attackers with a foothold into home, hotel, or business networks, potentially enabling lateral movement to other connected devices.

The attack demonstrated during the competition involved making the device’s LED blink as a proof-of-concept, but the implications extend far beyond simple visual confirmation.

With arbitrary code execution capabilities, attackers could potentially manipulate charging processes, access network traffic, or use the compromised device as a launching point for broader network attacks.

Tesla has responded to the vulnerability disclosure by implementing anti-downgrade mechanisms in newer firmware versions, which prevent the firmware rollback technique that was central to the researchers’ attack strategy.

The Pwn2Own Automotive competition continues to serve as a crucial testing ground for identifying vulnerabilities in connected vehicle systems and related infrastructure, helping manufacturers improve security before malicious actors can exploit these flaws in real-world scenarios.

Live Credential Theft Attack Unmask & Instant Defense – Free Webinar