
Tesla wants people to hack its Model 3

15 Jan 2019

Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.

Tesla joins Microsoft and VMware as partners in this year’s Pwn2Own contest in Vancouver, Canada, which will be held in March.

According to Tesla’s vice president of vehicle software David Lau, the company’s work with the security research community is invaluable, particularly since the company strives to develop its cars with the highest safety standards “in every respect”.

“Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community,” says Lau.

In the Tesla Model 3 category, there are a number of target systems, including WiFi and Bluetooth systems, infotainment, autopilot, key fob and phone-as-a-key systems, modem or tuner, and others. The largest prizes will be awarded to those who find vulnerabilities in the vehicle’s Gateway, Autopilot, or VCSEC systems, which could net participants up to $250,000. On top of that, the grand winner will also win a Tesla Model 3.

“We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems,” continues Lau.

The full list of targets in this year’s contest includes the Tesla Model 3, Oracle VirtualBox, VMware Workstation, VMware ESXi, Microsoft Hyper-V Client, Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox, Adobe Reader, Microsoft Office 365, Microsoft Outlook, and Microsoft Windows RDP.

“With the recent announcement of Microsoft moving to a Chromium-based engine, exploits on Google Chrome definitely earn a premium over Edge, Safari, and Firefox,” says Pwn2Own.

“A browser exploit ranges from $40,000 for Firefox up to $80,000 for Chrome. We’re also offering $80,000 for anyone who can successfully exploit Edge with a Windows Defender Application Guard (WDAG) specific escape from the WDAG container to the host OS – something we’ve never seen at Pwn2Own before.”

“Contestants can add on another $70,000 if they escape the virtual machine and execute code on the host OS. Some say the browser is the gateway to the cloud. It’s certainly the gateway to online shopping. Either way, bugs in these products have a broad impact.”

Collectively, more than $1 million in cash prizes could be awarded to participants.

“Over the years we have added new targets and categories to direct research efforts toward areas of growing concern for businesses and consumers. This year, we’ve partnered with some of the biggest names in technology to further this commitment and continue driving relevant vulnerability research,” comments Trend Micro senior director of vulnerability research, Brian Gorenc.

Trend Micro also says it is working with the competition to expand its focus on securing the connected world by partnering with major vendors.
