
Tesla wants people to hack its Model 3

15 Jan 2019

Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.

Tesla joins Microsoft and VMware as partners in this year’s Pwn2Own contest in Vancouver, Canada, which will be held in March.

According to Tesla’s vice president of vehicle software David Lau, the company’s work with the security research community is invaluable, particularly since the company strives to develop its cars with the highest safety standards “in every respect”.

“Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community,” says Lau.

In the Tesla Model 3 category, there are a number of target systems, including WiFi and Bluetooth systems, infotainment, autopilot, key fob and phone-as-a-key systems, modem or tuner, and others. The largest prizes will be awarded to those who find vulnerabilities in the vehicle’s Gateway, Autopilot, or VCSEC systems, which could net participants up to $250,000. On top of that, the grand winner will also win a Tesla Model 3.

“We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems,” continues Lau.

The full list of targets in this year’s contest includes the Tesla Model 3, Oracle VirtualBox, VMware Workstation, VMware ESXi, Microsoft Hyper-V Client, Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox, Adobe Reader, Microsoft Office 365, Microsoft Outlook, and Microsoft Windows RDP.

“With the recent announcement of Microsoft moving to a Chromium-based engine, exploits on Google Chrome definitely earn a premium over Edge, Safari, and Firefox,” says Pwn2Own.

“A browser exploit ranges from $40,000 for Firefox up to $80,000 for Chrome. We’re also offering $80,000 for anyone who can successfully exploit Edge with a Windows Defender Application Guard (WDAG) specific escape from the WDAG container to the host OS – something we’ve never seen at Pwn2Own before.”

“Contestants can add on another $70,000 if they escape the virtual machine and execute code on the host OS. Some say the browser is the gateway to the cloud. It’s certainly the gateway to online shopping. Either way, bugs in these products have a broad impact.”

Collectively, more than $1 million in cash prizes could be awarded to participants.

“Over the years we have added new targets and categories to direct research efforts toward areas of growing concern for businesses and consumers. This year, we’ve partnered with some of the biggest names in technology to further this commitment and continue driving relevant vulnerability research,” comments Trend Micro senior director of vulnerability research, Brian Gorenc.

Trend Micro also says it is working with the competition to expand its focus on securing the connected world by partnering with major vendors.
