Hackers managed to crack the security of a Tesla Model 3 and made off with a shiny new car and $35k for their efforts.
To be clear, it was all sanctioned by Tesla and not a theft. The automotive manufacturer willingly subjected their automobile to hackers as part of the Pwn2Own competition.
Pwn2Own provides incentives to put the skills of hackers to great use in ensuring vulnerabilities are patched before they cause injury. Cases of connected vehicles have the potential to cost lives.
The 2019 variant of Pwn2Own’s contest was organised by Trend Micro's Zero Day Initiative (ZDI) which has the goal of encouraging the reporting of zero-day vulnerabilities responsibly to affected vendors.
Amat Cama and Richard Zhu of team Fluoroacetate exposed Tesla’s vulnerability which took advantage of a JIT bug in the renderer of the vehicle’s infotainment system.
In an emailed statement, Tesla wrote:
“We entered Model 3 into the world-renowned Pwn2Own competition to be able to engage with the most talented members of the security research community, with the goal of soliciting this specific sort of feedback. During the contest, researchers demonstrated a vulnerability against the in-car web browser.
There are lots of layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we’ll launch a software upgrade that addresses this research.
We know that this demonstration took an extraordinary amount of effort and skill, and we thank those researchers for their work to help us continue to ensure our cars are the most secure on the street today. ”
Tesla has given away hundreds of thousands of dollars to hackers that ’ve exposed vulnerabilities in its systems responsibly. Even though a lot, it’s still likely cheaper than dealing with injury/fatality lawsuits and replacing damaged equipment brought on by hackers.
Interested in hearing industry leaders discuss subjects in this way? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with forthcoming events in Silicon Valley, London, and Amsterdam.
Buy Tickets for every event – Sports, Concerts, Festivals and more buytickets.com