Pwn2Own Contest To Win A Tesla
Written by Kay Ewbank   
Thursday, 17 January 2019

Contestants at this year's CanSecWest security conference have a chance of winning a different prize to the usual offered in the Pwn2Own competition - a Tesla Model 3 car.

The prize is being offered in the Automotive category, and will be awarded to the first cybersecurity researcher who can hack the car's computer system. The Pwn2Own hacking contest is now run by Trend Micro, and there are plenty of other targets and more prize money for security researchers who successfully execute zero-day exploits.

tesla

There are six different 'focal points' for contestants targeting the Tesla connected car, with prizes ranging from $35,000 to $300,000 depending on a variety of factors including the exploit used. And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends.

The first option, and the one that would win the largest prize, is to attempt to gain control of either the car’s gateway, autopilot, or VCSEC. In this case the gateway is the central hub that is used to connect various components and process the data from those components, specifically the car’s powertrain and chassis. The autopilot provides driver assistance when parking, changing lanes, and similar actions usually carried out by the driver. VSEC stands for Vehicle Controller Secondary, and handles security functions such as the car alarm. To win the money an exploit needs to make one of the gateway, autopilot, or VCSEC communicate with a rogue base station or other malicious controller. An exploit that uses a denial-of-service attack to block the car’s autopilot would win $50,000.

The second most profitable exploit would be one that successfully unlocks the car and/or starts the engine without using the Tesla key. This would require an attack on the Tesla’s key fob or Phone-as-Key option. This would win $100,000. Another $100,000 prize is on offer for a successful attack on the car’s controller area network, or CAN bus, which is used for communication between Tesla's microcontrollers and devices. 

A prize of $85,000 is on offer for an exploit that works via Tesla’s "infotainment" system, and that gets past the security sandbox, accesses the operating system kernel, or escalates privileges to root. The final option is to try to hack either the Wi-Fi or Bluetooth systems.

Other categories in this year's competition involve virtualization systems, web browsers, enterprise applications, and server-side code.

tesla

 

More Information

Rules For Pwn2Own Contest

Related Articles

Microsoft Edge Falls Victim At Pwn2Own

Get Ready for Expanded Pwn2Own 2017

Pwn2Own 2016 - The Results

Largest Payout Ever At Pwn2Own 2015 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


PyTorch Adds TorchScript API
16/08/2019

PyTorch 1.2 has been released with a new TorchScript API offering fuller coverage of Python. The new release also has expanded ONNX export support and a standard nn.Transformer module.



Microsoft Pushing VBScript A Little Closer To the Edge
14/08/2019

of extinction. VBScript is one of the variations Microsoft created of the original VB. Now it has decided to drop default support in Internet Explorer. Clearly VBScript is on its way out.


More News

appC

 



 

Comments




or email your comment to: comments@i-programmer.info