Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pwn2Own Contest Will Pay $900,000 For Hacks That Exploit Tesla's Model 3 (techcrunch.com)

Posted by BeauHD on from the bug-bounty dept.

The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's getaway, autopilot, or VCSEC."

"A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm."

47 comments

  1. Good idea by 110010001000 · · Score: 0

    What if hackers took control of a Tesla and caused it to crash into a lane divider barrer? Or crash into a firetruck? It is better to find those exploits now, before they happen in real life.

    1. Re: Good idea by Anonymous Coward · · Score: 0

      Sure if Tesla actually co tatted specific hackers and asked for their help - getting people to hack into a car on the false promise of a reward without the owners permission is - hmmm my friends what is the word for that?

    2. Re: Good idea by Anonymous Coward · · Score: 0

      Autocorrect.

    3. Re: Good idea by Anonymous Coward · · Score: 0

      I think my dear buddy they call that a felony

    4. Re: Good idea by Anonymous Coward · · Score: 0

      Tell it to Oleg Derepaska. Trump gives out free passes for felonies, you just have to work your business somehow between him and his Russian masters.

    5. Re: Good idea by Anonymous Coward · · Score: 0

      Steep and willowy is the way
      Winds in the distance like a faint reminder of saint ann
      Eyes to eyes pull
      A faint breath of laurel and the brush of a sleeve
      Toward the wind

    6. Re: Good idea by Anonymous Coward · · Score: 0

      Free passes will be no comfort with no prize money

    7. Re: Good idea by Anonymous Coward · · Score: 0

      "co tatted"

      Is that to apply tattoo's to two people at once?

    8. Re: Good idea by Anonymous Coward · · Score: 0

      Dude! What does my tattoo say?
      Sweet! What does mine say?
      Dude! What does mine say?
      Your tattoo says dude - your tattoo says sweet - now get out of here!

    9. Re: Good idea by Anonymous Coward · · Score: 0

      It isnt a hack if you just know the password. A password thousands of stanzas in length with at least one special character

    10. Re: Good idea by Anonymous Coward · · Score: 0

      Go look up who your favorite president has issued pardons or commutations to. You wont because you think you are really clever but you are really just another mindless npc dumbass college kid.

      Hint: posting your stupid shit on /. will not get you laid.

    11. Re: Good idea by Anonymous Coward · · Score: 0

      ^^ when you need everyone else to use your metrics and be constrained in the same way you are or "it's not fair" and "you're an npc" and other ironies.

      Hint: Posting that posting his stupid shit on /. wont get him laid wont get you laid :3

    12. Re: Good idea by Anonymous Coward · · Score: 0

      Dude how did we make this one line joke last for 90 minutes
      We didn't Dude everybody left

    13. Re:Good idea by AmiMoJo · · Score: 2

      Tesla cars are the only ones you can drive remotely from your phone, which seems to make them uniquely vulnerable. Most cars have a hardware firewall between the telematics/infotainment systems and steering/drivetrain control, but obviously to support he remote control feature Tesla has to have comms between the two.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re: Good idea by Anonymous Coward · · Score: 0

      Most tattoo victims have poor credit.

    15. Re:Good idea by drinkypoo · · Score: 1

      Most cars have a hardware firewall between the telematics/infotainment systems and steering/drivetrain control,

      They do these days, anyway. In the late nineties Audi was using a single bus across the entire vehicle. They didn't have internet infotainment though, just a lcd screen radio.

      but obviously to support he remote control feature Tesla has to have comms between the two.

      They all have comms between the two, in the gateway. How much do you trust the gateway?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    16. Re: Good idea by Pikoro · · Score: 1

      Burma Shave

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    17. Re: Good idea by Anonymous Coward · · Score: 0

      Ah ok, guess everything is fine then. Probably no logic fallacy what so ever there comrade...

    18. Re:Good idea by lexman098 · · Score: 1

      Tesla cars are the only ones you can drive remotely from your phone

      wrong

    19. Re:Good idea by lexman098 · · Score: 1

      Actually that's not from the phone I guess, technically. But it's an external device manipulating the drivetrain.

  2. One hole by Anonymous Coward · · Score: 0

    Beeeeee Cause

    It's ONE hole
    TWO holes
    THREE holes
    No one's waitIIIIING...there's no waitiiiiiing

  3. Crackas with Attitude? by Anonymous Coward · · Score: 0

    Could they be more racist?

    1. Re: Crackas with Attitude? by Anonymous Coward · · Score: 0

      Yes they could if they decided to join the prog left and democrats and callously use the brown people for their own white devil ends.

    2. Re:Crackas with Attitude? by Anonymous Coward · · Score: 0

      What are you, the 'fuck the police' police?

    3. Re: Crackas with Attitude? by Anonymous Coward · · Score: 0

      Frog the police - excuse me I have to measure various body parts as tattoo candidates. Is any Pantone color supported by tattoo guns? If the shading isnt right it will look washed out in the evening sun

    4. Re: Crackas with Attitude? by Anonymous Coward · · Score: 0

      What do you call a cop with no badge and no paycheck? A major asshole

    5. Re: Crackas with Attitude? by Anonymous Coward · · Score: 0

      You nazi faggots do it to yourselves, you hate everyone, everyone hates you. This is your problem inbred incel faggot republicans. Even Bitch McGobble says nazis are losers lol. You've got nothing, Trump is about to hang.

      Death to traitors.

    6. Re: Crackas with Attitude? by Anonymous Coward · · Score: 0

      Please dont be so upset, again. It was just a little cum that got in your mouth. I thought I pulled out before I came but you were sucking so hard it just happened. I am sorry.

      Tomorrow we can skip the blowjob and I will just straight up ass fuck you instead like we usually do.

  4. No mod points for you. by raind · · Score: 1

    1. AC's don't get them as a matter of course.
    2. That's all I see so far anyway, /. has really gone downhill.
    3. Sorry.

    --
    Get up!
    1. Re: No mod points for you. by Anonymous Coward · · Score: 0

      Doesn't matter. Mod points and usernames are for social media fags like you. Real men browse at -1.

  5. Aps on no Aps by rtb61 · · Score: 2

    Tesla needs to declare whether or not the vehicle will be running with all possible apps. You can run them and vehicles could be hacked as a result, so consumers need to be aware of how dangerous those apps could be and whether or not they should run any at all.

    --
    Chaos - everything, everywhere, everywhen
    1. Re:Aps on no Aps by Anonymous Coward · · Score: 1

      Tesla 3 does not have apps of any kind at this time

    2. Re: Aps on no Aps by Anonymous Coward · · Score: 0

      Tesla owes slashdot ACsno such explanation. Check the 10-k scumbag

    3. Re:Aps on no Aps by Anonymous Coward · · Score: 0

      Even if there were apps, they run on the infotainment system, whose prize is only $35k - they aren't considered a core part of the cars security (despite that computer controlling the whole UI).

  6. Second prize is... by Anonymous Coward · · Score: 0

    Second prize is two Tesla Model 3s.

  7. Only the 3? by Actually,+I+do+RTFA · · Score: 1

    I would have competed if I could have gotten an S...

    --
    Your ad here. Ask me how!
    1. Re:Only the 3? by Anonymous Coward · · Score: 0

      Well you do get $900k, so you can buy your own S...

  8. What tools by Anonymous Coward · · Score: 0

    Because if they allow hacking with other vehicles it will be fun. My komatsu mining truck will hack a Tesla in no time

  9. self driveing cars need not network lock cars and by Joe_Dragon · · Score: 1

    self driving cars need not network lock cars and not put the entertainment system network on the same network as the local CAN bus for sensors.

    As for map data that can be done in a way there it is an one way input into the sensors system and can't over ride an sensor

  10. Bad Map data can be used to place the car in place by Joe_Dragon · · Score: 1

    Bad Map data can be used to place the car in place that is hard to get out of or may even send into a
    RIVER
    OFF AN CLIFF
    ON TO AN AIRPORT RUNWAY
    TRAIN TRACKS
    WRONG WAY

  11. Getaway system? by dromgodis · · Score: 2

    [...] for hacks that execute code on the car's getaway, autopilot, or VCSEC.

    I see a potential niche market for this car model.

  12. Re:Bad Map data can be used to place the car in pl by Anonymous Coward · · Score: 2, Funny

    Easy fix:

    if(destination.isAllCaps())
        return;

  13. Don't give the results back to Tesla by Anonymous Coward · · Score: 0

    Give it to the community so that malware can be overidden. Malware being software that isn't under the owners control. When the company has more control over my car than I do, its a car I won't be driving.