Pwn2Own Contest To Win A Tesla
Written by Kay Ewbank   
Thursday, 17 January 2019

Contestants at this year's CanSecWest security conference have a chance of winning a different prize to the usual offered in the Pwn2Own competition - a Tesla Model 3 car.

The prize is being offered in the Automotive category, and will be awarded to the first cybersecurity researcher who can hack the car's computer system. The Pwn2Own hacking contest is now run by Trend Micro, and there are plenty of other targets and more prize money for security researchers who successfully execute zero-day exploits.


There are six different 'focal points' for contestants targeting the Tesla connected car, with prizes ranging from $35,000 to $300,000 depending on a variety of factors including the exploit used. And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends.

The first option, and the one that would win the largest prize, is to attempt to gain control of either the car’s gateway, autopilot, or VCSEC. In this case the gateway is the central hub that is used to connect various components and process the data from those components, specifically the car’s powertrain and chassis. The autopilot provides driver assistance when parking, changing lanes, and similar actions usually carried out by the driver. VSEC stands for Vehicle Controller Secondary, and handles security functions such as the car alarm. To win the money an exploit needs to make one of the gateway, autopilot, or VCSEC communicate with a rogue base station or other malicious controller. An exploit that uses a denial-of-service attack to block the car’s autopilot would win $50,000.

The second most profitable exploit would be one that successfully unlocks the car and/or starts the engine without using the Tesla key. This would require an attack on the Tesla’s key fob or Phone-as-Key option. This would win $100,000. Another $100,000 prize is on offer for a successful attack on the car’s controller area network, or CAN bus, which is used for communication between Tesla's microcontrollers and devices. 

A prize of $85,000 is on offer for an exploit that works via Tesla’s "infotainment" system, and that gets past the security sandbox, accesses the operating system kernel, or escalates privileges to root. The final option is to try to hack either the Wi-Fi or Bluetooth systems.

Other categories in this year's competition involve virtualization systems, web browsers, enterprise applications, and server-side code.



More Information

Rules For Pwn2Own Contest

Related Articles

Microsoft Edge Falls Victim At Pwn2Own

Get Ready for Expanded Pwn2Own 2017

Pwn2Own 2016 - The Results

Largest Payout Ever At Pwn2Own 2015 


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


GitHub Introduces Code Scanning

GitHub has announced a public beta of a code scanner that automatically fixes problems. The new feature was announced back in November, but has now moved to public beta status.  

Supersimple - Deep Insights From Data

Announcing $2.2 Million in pre-seed funding, the Estonian startup Supersimple has launched an AI-native data analytics platform which combines a semantic data modeling layer with the ability to answer [ ... ]

More News

raspberry pi books



or email your comment to: