A pair of security researchers who revealed a security issue for the Tesla Model 3 at the annual Pwn2Own hacking event were able to win the electric vehicle as their prize.
This is the first time that an automaker participated in Pwn2Own, which is run by Trend Micro’s Zero Day Initiative and is in its 12th year. Tesla made the Model 3 available to hackers in the competition to look for vulnerabilities in the electric vehicle’s system.
Team Fluoroacetate, Richard Zhu and Amat Cam, took the challenge. On the final day of Pwn2Own, the duo entered the Tesla Model 3, and after a few minutes, they were able to hack the electric vehicle’s internet browser. They were able to display a message through a JIT, or just-in-time, bug that bypasses memory randomization data which is supposed to protect secrets.
For their efforts, Zhu and Cam not only took home a prize of $35,000, but according to the competition’s rules, they also won the Model 3 that they successfully hacked. The pair were crowned as the Master of Pwn for 2019, as they won $375,000 out of the $545,000 awarded in this year’s Pwn2Own.
The companies that participated in Pwn2Own have received the details of the bugs that were exposed in the event, and are given 90 days to release security patches to fix the vulnerabilities. Tesla, for one, is happy with what transpired.
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback,” Tesla said in a statement, adding that the software update to fix the bug that was identified by Team Fluoroacetate will be rolled out in the coming days.
Tesla has offered a bug bounty program for its electric vehicles over the past four years, and according to sources familiar with the matter, hundreds of thousands of dollars have been given as rewards to security researchers who have reported vulnerabilities, Electrek reported. Team Fluoroacetate is just one of many teams and individuals who are helping keep Tesla’s electric vehicles safe by sniffing out the bugs before hackers get to exploit them for criminal activities.
- Security vulnerability leaves Razer laptops vulnerable to hacks
- FaceTime bug: Apple rolls out a fix to enable group calls again
- Intel’s chips are still vulnerable, and the new Ice Lake won’t patch everything
- Tesla cuts the price of the Model 3 again, this time by $1,100
- Tesla app now keeps track of electric vehicle’s repair status