In context: Bug-bounty programs run by companies that are keen to use the hacking community as outsourced security researchers often give away tens and sometimes hundreds of thousands of dollars for confirmed vulnerabilities. At the latest Pwn2Own hacking event, Tesla upped the ante by giving away a Model 3 after it was successfully infiltrated.
Tesla has a fairly positive history when it comes to interacting with the hacking community. Last year they increased their maximum payout for any reported vulnerabilities to $15,000. This week at the Pwn2Own hacking event they took things even further, giving away a Tesla Model 3 to anyone who was able to successfully gain access to the car’s systems.
Pwn2Own is an annual hacking and security conference where, as the name suggests, if a hacker successfully ‘pwns’ a device by exposing a previously-unknown vulnerability, they win the device itself plus other commemorative prizes.
Tesla this year became the first car maker to ever take part in the conference, and on the last day of the event their challenge was beaten, as two-man team ‘Fluoroacetate’ managed to infiltrate the Tesla Model 3’s infotainment system.
The winning pair, Amat Cama and Richard Zhu, didn’t offer much information on how they managed to crack the infotainment system, other than saying they introduced “a JIT bug in the renderer” for the in-car browser. But true to their word, Tesla thanked them for exposing the vulnerability and gave the pair the car.
Commenting on the company’s involvement in Pwn2Own, Tesla’s VP of Vehicle Software, David Lau, said, “we develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us.”
So Tesla cars are now one step closer to being safe from hackers – if only they could also stop their cars from driving towards traffic barriers, that'd be great for safety, too.