Tesla is entering the Model 3 into Pwn2Own, one of the worlds toughest hacking contests

Tesla is handing over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest.
The prize for the winning security researcher: a Model 3.
Pwn2Own, which is in its 12th year and run by Trend Micros Zero Day Initiative, is known as one of the industrys toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program.
Pwn2Ownsspring vulnerability research competition, Pwn2Own Vancouver, will be held in March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software, and the new automotive category. The targets, chosen byZDI, includesoftware products from Apple, Google, Microsoft, Mozilla, Oracle, and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference.
Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And its grown and evolved ever since.
Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Teslas vehicles andall directly hosted servers, services and applications, are now in scope in its bounty program.
The company also made an important overhaul last year to its bug bounty program to support safe harbor by allowing car owners to hack their own cars as long as they stick to the rules.Teslasproduct security policy nowsays that if, through good-faith security research you brick your car, the company will reflash the software over-the-air or at a service center. The company says it wont voidthe warranty on their car if they hack its software either.
Theres a reason why Tesla (and now other automakers) have launched bug bounty programs. Tesla vehicles are software centric and in many ways changed the industry by enabling over the air software updates that can fix glitches and security problems as well as improve performance and add other new features. Its what has allowed Tesla to win over consumers with the idea that their vehicle will get better over time.
But with that comes possible security issues.Since 2014, the program has led Tesla to release a number of[/u]security improvements including cryptographic validation of its software, more robust cryptography for its key fobs, and the launch of PIN-to-Drive, which aims to prevent against relay attacks on keyfob cloning.
Of course, theres no guarantee that hackers at Pwn2Own Vancouver will find any vulnerabilities. TechCrunch was told by a Trend Micro spokesperson that thepercentage of successful attempts varies, but its usually around 50% of available targets.
Its also unclear if researchers will enter the automotive category since its new this year, the spokesperson said, adding that she hopes people enter as we would love to see what the state of the art in automotive research really is.
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«     2019    »