Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pwn2Own Competitors Crack Tesla, Firefox, Safari, Microsoft Edge, and Windows 10 (zdnet.com)

Posted by EditorDavid on from the war-of-the-white-hats dept.

A research duo who hacked a Tesla were the big winners at the annual Pwn2Own white hat security contest, reports ZDNet. "The duo earned $375,000 in prize money, of the total of $545,000 awarded during the whole three-day competition... They also get to keep the car." Team Fluoroacetate -- made up of Amat Cama and Richard Zhu -- hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car's firmware and show a message on its entertainment system... Besides keeping the car, they also received a $35,000 reward. "In the coming days we will release a software update that addresses this research," a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability.

Not coincidentally, Team Fluoroacetate also won the three-day contest after earning 36 "Master of Pwn" points for successful exploits in Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10... [R]esearchers also exploited vulnerabilities in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

5 of 41 comments (clear)

  1. The other prizes... by Anonymous Coward · · Score: 5, Funny

    Besides keeping the car, they also received a $35,000 reward.

    That's nothing... the ones who cracked Firefox got a free copy of Firefox. But the worst deal of all were the ones who cracked Win10, for they were obligated to accept a copy of Win10. Perhaps they'll read the terms and conditions more carefully next time. Live and learn.

  2. Re:Telegram, guys? by gravewax · · Score: 2

    exactly, cracks for that sort of stuff are unlikely to pop up in a pwn2own competition, they are too valuable to give away so cheaply.

  3. Why? by AHuxley · · Score: 2

    Is it the quality of the OS?
    The code used the software is created in?
    The skill sets needed to make a browser?
    More testing needed?
    Better testing?
    Would something like Ada ensure better software?

    --
    Domestic spying is now "Benign Information Gathering"
  4. What does Tesla's web browser run on nowadays? by Pinky's+Brain · · Score: 2

    The last time they had a browser hack the hackers could control breaks, do they have a decent hardware firewall in place now or is it still a shitshow?

  5. Re:Telegram, guys? by AmiMoJo · · Score: 2

    Interesting that Chrome isn't one of the ones on the list though. Too valuable or too secure?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC