Slashdot Mirror


Pwn2Own Competitors Crack Tesla, Firefox, Safari, Microsoft Edge, and Windows 10 (zdnet.com)

A research duo who hacked a Tesla were the big winners at the annual Pwn2Own white hat security contest, reports ZDNet. "The duo earned $375,000 in prize money, of the total of $545,000 awarded during the whole three-day competition... They also get to keep the car." Team Fluoroacetate -- made up of Amat Cama and Richard Zhu -- hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car's firmware and show a message on its entertainment system... Besides keeping the car, they also received a $35,000 reward. "In the coming days we will release a software update that addresses this research," a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability.

Not coincidentally, Team Fluoroacetate also won the three-day contest after earning 36 "Master of Pwn" points for successful exploits in Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10... [R]esearchers also exploited vulnerabilities in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

41 comments

  1. The other prizes... by Anonymous Coward · · Score: 5, Funny

    Besides keeping the car, they also received a $35,000 reward.

    That's nothing... the ones who cracked Firefox got a free copy of Firefox. But the worst deal of all were the ones who cracked Win10, for they were obligated to accept a copy of Win10. Perhaps they'll read the terms and conditions more carefully next time. Live and learn.

    1. Re: The other prizes... by Anonymous Coward · · Score: 0

        -------- the joke ----->

          o <--- you.
        - |-
          / \

    2. Re: The other prizes... by Anonymous Coward · · Score: 0

      The joke is on your festival of crackhead stupidity

    3. Re: The other prizes... by Anonymous Coward · · Score: 0

      Can't win if you don't play

    4. Re: The other prizes... by Anonymous Coward · · Score: 0

      Depends. Is it a multiple round contest? Think before you answer

    5. Re: The other prizes... by Anonymous Coward · · Score: 0

      Nah. In the future all you old guys will be dead. Just have to hang on until you nutjobs get the ole death punt.

    6. Re: The other prizes... by Anonymous Coward · · Score: 0

      The only way to win is not to play!

  2. Telegram, guys? by hcs_$reboot · · Score: 1

    $300,000 for Cracking Telegram Encryption. How about that challenge?

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:Telegram, guys? by Anonymous Coward · · Score: 0

      It pays better to keep the crack private and sell info to the agencies, sorry.

    2. Re: Telegram, guys? by Anonymous Coward · · Score: 0

      Ah well then the agencies are literally shit out of luck. One must keep a record available to the manufacturer unless one is a dipshit then one must cry in a corner

    3. Re:Telegram, guys? by gravewax · · Score: 2

      exactly, cracks for that sort of stuff are unlikely to pop up in a pwn2own competition, they are too valuable to give away so cheaply.

    4. Re: Telegram, guys? by Anonymous Coward · · Score: 0

      Why not sell to both?

    5. Re:Telegram, guys? by hcs_$reboot · · Score: 1

      cracks for that sort of stuff are unlikely to pop up in a pwn2own competition, they are too valuable to give away so cheaply.

      That was the point. Unlike pwn2own, the Telegram prize is much more valuable, 300k ; and hackers would better try to crack this one.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    6. Re:Telegram, guys? by Anonymous Coward · · Score: 0

      300k is chicken feed compared to what it would be worth to a government agency.

    7. Re:Telegram, guys? by Anonymous Coward · · Score: 0

      300k really isn't a significant amount, agencies are spending a 100 times that looking for vulnerabilities in these sort of apps and I bet would pay a pretty penny for an unknown vulnerability that gave them access, certainly many times more than 300k.

    8. Re:Telegram, guys? by AmiMoJo · · Score: 2

      Interesting that Chrome isn't one of the ones on the list though. Too valuable or too secure?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re: Telegram, guys? by Anonymous Coward · · Score: 1

      It's more about how the criteria are written. $80k for a breakout which allows full system control. Something that severe would probably qualify for the top end of Google's bounty, which would be close to $200k.

    10. Re:Telegram, guys? by Anonymous Coward · · Score: 0

      Neither. Google offers higher bounties. By submitting it to the competition the participant would be giving up a lot of money. Really smart of Google as it ensures fewer vulnerabilities are published outside of their control.

  3. Re: President Trump Owned The Libs by Anonymous Coward · · Score: 0

    You must have grown up in reform school

  4. Re: President Trump Owned The Libs by Anonymous Coward · · Score: 0

    #winning

  5. Re: President Trump Owned The Libs by Anonymous Coward · · Score: 0

    Are y'all tired of winning!? Me neither.

  6. WindBourne told us win10 was the most secure ever! by Anonymous Coward · · Score: 0

    But WindBourne foolishly told us that windows 10 is secure and only insider spies and Chinese outsourcing could penetrate it and steal your secrets.

  7. Why? by AHuxley · · Score: 2

    Is it the quality of the OS?
    The code used the software is created in?
    The skill sets needed to make a browser?
    More testing needed?
    Better testing?
    Would something like Ada ensure better software?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Why? by hcs_$reboot · · Score: 1

      The complexity hidden behind these apparently simple and easy to use programs.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Why? by Anonymous Coward · · Score: 1

      You get what you pay for. I write secure code. Unit tested & input fuzzed. I use a different more secure paradigm than typical C / C++ function call stacks (which put parameters & code pointers on the stack). None of my heap stores pointers to functions or v-tables. I employ hardware memory RW controls to ensure there is no return oriented programming, stack smashing or heap exploits (my custom memory allocator keeps all record keeping data in read only memory unless a thread is in the alloc / free function, and I check permission to call this function by examining EIP (instruction pointer) AFTER unlocking memory (otherwise one could jump to the record keeping unlock code that temporarily marks the code writable) -- the check afterwards relocks the RAM pages if permission is not approved).

      Hardware could speed up the mark & unmarking of certain pages while executing code in a specific range (the memory allocator / etc "sensitive" user code), by providing an opcode and two registers to do so. However once software designers have a "turing complete" machine they pretend it is the holy grail and all things are possible thereby without sticking it to the hardware mfgs. On the old chipsets where there was no execution ring level permissions (such as MS-DOS & DR-DOS were made for) there was no way to prevent one process from writing over another's memory. Unless you run all your software in a VM you can not provide such protections on the old chipset. This demonstrates that some hardware capabilities are required for software security to exist within performance (speed) expectations. Now we have execution rings & memory virtualization. We can now isolate processes thanks to these hardware features. Now we also need to ensure that only certain functions (regions of code) can modify certain pages of process memory. We don't have that hardware capability and no popular OS provides it. I can emulate it via memory mapping and IPC and using a separate process to do all memory (de)allocation, but it is fucking slow as molasses...

      TL;DR: provably secure software exists. You won't pay for security. You don't get developers like me. We have no clout to push for the HW features needed for securing your platforms. Also, spies.
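
Added example, not the commenter's code: a minimal POSIX C sketch of the one idea above that can be shown compactly, allocator bookkeeping kept in a read-only page and made writable only inside the allocation call. The bump allocator, all names and the 16-byte alignment are assumptions; the instruction-pointer check the comment describes is not implemented.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

/* Bookkeeping sits alone in its own page; names and layout are hypothetical. */
static struct meta { size_t used, cap; unsigned char *arena; } *g_meta;
static sigjmp_buf g_jmp;
static int meta_prot(int prot) { return mprotect(g_meta, (size_t)sysconf(_SC_PAGESIZE), prot); }

int guarded_init(size_t cap) {
    int rw = PROT_READ | PROT_WRITE, fl = MAP_PRIVATE | MAP_ANONYMOUS;
    void *m = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), rw, fl, -1, 0);
    void *a = mmap(NULL, cap, rw, fl, -1, 0);
    if (m == MAP_FAILED || a == MAP_FAILED) return -1;
    g_meta = m;
    g_meta->used = 0; g_meta->cap = cap; g_meta->arena = a;
    return meta_prot(PROT_READ);                 /* locked from here on */
}

void *guarded_alloc(size_t n) {
    void *p = NULL;
    if (n == 0 || n > g_meta->cap) return NULL;  /* also stops rounding overflow */
    n = (n + 15) & ~(size_t)15;
    if (meta_prot(PROT_READ | PROT_WRITE) != 0) return NULL;
    if (n <= g_meta->cap - g_meta->used) {
        p = g_meta->arena + g_meta->used;
        g_meta->used += n;
    }
    return meta_prot(PROT_READ) == 0 ? p : NULL; /* relock before returning */
}

static void on_fault(int sig) { (void)sig; siglongjmp(g_jmp, 1); }
/* Returns 1 if a write to the metadata from outside the allocator traps. */
int stray_write_faults(void) {
    void (*old)(int) = signal(SIGSEGV, on_fault);
    volatile int faulted = 1;
    if (sigsetjmp(g_jmp, 1) == 0) {
        *(volatile size_t *)&g_meta->used = 0;   /* simulated stray write */
        faulted = 0;
    }
    signal(SIGSEGV, old);
    return faulted;
}

int main(void) {
    if (guarded_init(4096) != 0 || !guarded_alloc(100)) return 1;
    return stray_write_faults() ? 0 : 1;         /* 0: the stray write trapped */
}
```

Each allocation here costs two `mprotect` system calls, and the page is writable to every thread while one of them is inside `guarded_alloc`.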

    3. Re:Why? by AHuxley · · Score: 1

      Every year the software people need to trust and use keeps on not being secure.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Why? by Anonymous Coward · · Score: 0

      Pix or it didn't happen.

    5. Re:Why? by RespekMyAthorati · · Score: 1

      English?

  8. Easy by wolfheart111 · · Score: 1

    Peasy...

    --
    [($)]
    1. Re:Easy by Anonymous Coward · · Score: 0

      Japanesey?

  9. What does Tesla's web browser run on nowadays? by Pinky's+Brain · · Score: 2

    The last time they had a browser hack the hackers could control breaks, do they have a decent hardware firewall in place now or is it still a shitshow?

    1. Re:What does Tesla's web browser run on nowadays? by Anonymous Coward · · Score: 0

      Was it breaks in the software? Or, was it the brakes on the wheels?

    2. Re:What does Tesla's web browser run on nowadays? by Anonymous Coward · · Score: 0

      do they have a decent hardware firewall in place now or is it still a shitshow?

      It really wasn't in the first place. The CAN bus is secured, here's a video of the hackers explaining the layout (Explanation of the layout starts at 9:04, but the entire video is interesting if you want to see how well Tesla has secured their cars).

      The "shitshow" you say is just the hackers being able to issue commands which you could already do remotely.

  10. Richard Zhu .. don't let him to get back to China! by Anonymous Coward · · Score: 0

    If that Richard Zhu fella successfully get back to China we'll sure be Royally Fucked !!