|Pwn2Own Contest To Win A Tesla|
|Written by Kay Ewbank|
|Thursday, 17 January 2019|
Contestants at this year's CanSecWest security conference have a chance of winning a different prize to the usual offered in the Pwn2Own competition - a Tesla Model 3 car.
The prize is being offered in the Automotive category, and will be awarded to the first cybersecurity researcher who can hack the car's computer system. The Pwn2Own hacking contest is now run by Trend Micro, and there are plenty of other targets and more prize money for security researchers who successfully execute zero-day exploits.
There are six different 'focal points' for contestants targeting the Tesla connected car, with prizes ranging from $35,000 to $300,000 depending on a variety of factors including the exploit used. And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends.
The first option, and the one that would win the largest prize, is to attempt to gain control of either the car’s gateway, autopilot, or VCSEC. In this case the gateway is the central hub that is used to connect various components and process the data from those components, specifically the car’s powertrain and chassis. The autopilot provides driver assistance when parking, changing lanes, and similar actions usually carried out by the driver. VSEC stands for Vehicle Controller Secondary, and handles security functions such as the car alarm. To win the money an exploit needs to make one of the gateway, autopilot, or VCSEC communicate with a rogue base station or other malicious controller. An exploit that uses a denial-of-service attack to block the car’s autopilot would win $50,000.
The second most profitable exploit would be one that successfully unlocks the car and/or starts the engine without using the Tesla key. This would require an attack on the Tesla’s key fob or Phone-as-Key option. This would win $100,000. Another $100,000 prize is on offer for a successful attack on the car’s controller area network, or CAN bus, which is used for communication between Tesla's microcontrollers and devices.
A prize of $85,000 is on offer for an exploit that works via Tesla’s "infotainment" system, and that gets past the security sandbox, accesses the operating system kernel, or escalates privileges to root. The final option is to try to hack either the Wi-Fi or Bluetooth systems.
Other categories in this year's competition involve virtualization systems, web browsers, enterprise applications, and server-side code.
or email your comment to: firstname.lastname@example.org