Image: Zero Day Initiative
Tesla returned as a partner to the Pwn2Own hacker competition offering Model 3 and Model S as well as $600,000 as prizes. The competition and prizes are used by the manufacturer to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.
Tesla, in partnership with the Pwn2Own organization Zero Day Initiative, is offering a $600,000 cash prize to any hacker able to write exploits that go through multiple systems in a vehicle to execute arbitrary code, according to Security Week. Hackers can register an entry against either a Tesla Model 3 (Intel or Ryzen-based) or the Tesla Model S (Ryzen-based). Pwn2Own also announced the addition of the Steam VM Escape category with the Tesla Model 3 and Tesla Model S.
“Success here gets a big payout and, of course, a brand-new Tesla,” contest organizers announced Thursday.
Tesla has previously attracted the attention of experienced exploit writers in Pwn2Own. Back in 2019, the company gifted a Tesla Model 3 to a couple of researchers demonstrating successful exploits, and this year the organizers plan to increase the level of difficulty of what constitutes a successful car-hacking exploit. This year the organizers are looking for exploits targeting Tesla's Tuner, Wi-Fi, Bluetooth or Modem components. Hackers must demonstrate a successful intermediate pivot to the vehicle’s infotainment system and execute code against VCSEC, Gateway or Autopilot.
In addition to the car itself and $500,000, members can choose additional options to increase the payout to $600,000. “This represents the single largest target in Pwn2Own history,” competition organizers said in a note posted Thursday. Organizers believe a complete vehicle takeover exploit is a tough undertaking.
“It’s difficult to express the complexity of completing such a demonstration, but we’re certainly hopeful that someone can show off their exploit skills and drive off a winner.”
Pwn2Own is also offering cash prizes ranging from $250,000 to $400,000 to encourage hackers to showcase exploits that affect certain subsystems of the car.
“This level requires the contestant to get arbitrary code execution on two different sub-systems in the vehicle, which is certainly a difficult challenge.”
© 2023, Eva Fox | Tesmanian. All rights reserved.
_____________________________
We appreciate your readership! Please share your thoughts in the comment section below.
Article edited by @SmokeyShorts; follow him on Twitter