Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Bug Software Technology

Pwn2Own Contest Will Pay $900,000 For Hacks That Exploit Tesla's Model 3 (techcrunch.com) 47

Posted by BeauHD from the bug-bounty dept.
The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's getaway, autopilot, or VCSEC."

"A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm."
This discussion has been archived. No new comments can be posted.

Pwn2Own Contest Will Pay $900,000 For Hacks That Exploit Tesla's Model 3 More

Pwn2Own Contest Will Pay $900,000 For Hacks That Exploit Tesla's Model 3

Comments Filter:
  • What if hackers took control of a Tesla and caused it to crash into a lane divider barrer? Or crash into a firetruck? It is better to find those exploits now, before they happen in real life.

    • self driving cars need not network lock cars and not put the entertainment system network on the same network as the local CAN bus for sensors.

      As for map data that can be done in a way there it is an one way input into the sensors system and can't over ride an sensor

    • Re: (Score:3)

      by AmiMoJo ( 196126 )

      Tesla cars are the only ones you can drive remotely from your phone, which seems to make them uniquely vulnerable. Most cars have a hardware firewall between the telematics/infotainment systems and steering/drivetrain control, but obviously to support he remote control feature Tesla has to have comms between the two.

      • Most cars have a hardware firewall between the telematics/infotainment systems and steering/drivetrain control,

        They do these days, anyway. In the late nineties Audi was using a single bus across the entire vehicle. They didn't have internet infotainment though, just a lcd screen radio.

        but obviously to support he remote control feature Tesla has to have comms between the two.

        They all have comms between the two, in the gateway. How much do you trust the gateway?

      • Tesla cars are the only ones you can drive remotely from your phone

        wrong [bmwblog.com]

        • Actually that's not from the phone I guess, technically. But it's an external device manipulating the drivetrain.
  • 1. AC's don't get them as a matter of course.
    2. That's all I see so far anyway, /. has really gone downhill.
    3. Sorry.

  • Aps on no Aps (Score:3)

    by rtb61 ( 674572 ) on Wednesday January 16, 2019 @12:13AM (#57970464) Homepage

    Tesla needs to declare whether or not the vehicle will be running with all possible apps. You can run them and vehicles could be hacked as a result, so consumers need to be aware of how dangerous those apps could be and whether or not they should run any at all.

    • Re: (Score:1)

      by Anonymous Coward

      Tesla 3 does not have apps of any kind at this time

  • I would have competed if I could have gotten an S...

  • Bad Map data can be used to place the car in place that is hard to get out of or may even send into a
    RIVER
    OFF AN CLIFF
    ON TO AN AIRPORT RUNWAY
    TRAIN TRACKS
    WRONG WAY

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Easy fix:

      if(destination.isAllCaps())
          return;

  • Getaway system? (Score:3)

    by dromgodis ( 4533247 ) on Wednesday January 16, 2019 @03:09AM (#57970912)

    [...] for hacks that execute code on the car's getaway, autopilot, or VCSEC.

    I see a potential niche market for this car model.

Slashdot Top Deals

E = MC ** 2 +- 3db

Close