Pwn2Own Contest To Win A Tesla
Written by Kay Ewbank   
Thursday, 17 January 2019

Contestants at this year's CanSecWest security conference have a chance of winning a different prize to the usual offered in the Pwn2Own competition - a Tesla Model 3 car.

The prize is being offered in the Automotive category, and will be awarded to the first cybersecurity researcher who can hack the car's computer system. The Pwn2Own hacking contest is now run by Trend Micro, and there are plenty of other targets and more prize money for security researchers who successfully execute zero-day exploits.

tesla

There are six different 'focal points' for contestants targeting the Tesla connected car, with prizes ranging from $35,000 to $300,000 depending on a variety of factors including the exploit used. And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends.

The first option, and the one that would win the largest prize, is to attempt to gain control of either the car’s gateway, autopilot, or VCSEC. In this case the gateway is the central hub that is used to connect various components and process the data from those components, specifically the car’s powertrain and chassis. The autopilot provides driver assistance when parking, changing lanes, and similar actions usually carried out by the driver. VSEC stands for Vehicle Controller Secondary, and handles security functions such as the car alarm. To win the money an exploit needs to make one of the gateway, autopilot, or VCSEC communicate with a rogue base station or other malicious controller. An exploit that uses a denial-of-service attack to block the car’s autopilot would win $50,000.

The second most profitable exploit would be one that successfully unlocks the car and/or starts the engine without using the Tesla key. This would require an attack on the Tesla’s key fob or Phone-as-Key option. This would win $100,000. Another $100,000 prize is on offer for a successful attack on the car’s controller area network, or CAN bus, which is used for communication between Tesla's microcontrollers and devices. 

A prize of $85,000 is on offer for an exploit that works via Tesla’s "infotainment" system, and that gets past the security sandbox, accesses the operating system kernel, or escalates privileges to root. The final option is to try to hack either the Wi-Fi or Bluetooth systems.

Other categories in this year's competition involve virtualization systems, web browsers, enterprise applications, and server-side code.

tesla

 

More Information

Rules For Pwn2Own Contest

Related Articles

Microsoft Edge Falls Victim At Pwn2Own

Get Ready for Expanded Pwn2Own 2017

Pwn2Own 2016 - The Results

Largest Payout Ever At Pwn2Own 2015 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Zitadel Announces Funding And Future Plans
21/11/2024

Zitadel has announced a major funding round that will be used to expand technical teams and fund further product development. The company is the creator of an open source project for cloud-native iden [ ... ]



IBM Opensources AI Agents For GitHub Issues
14/11/2024

IBM is launching a new set of AI software engineering agents designed to autonomously resolve GitHub issues. The agents are being made available in an open-source licensing model.


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info