A team of skilled hackers got more than they bargained for at the Pwn2Own hacking event in Vancouver, Canada.
Tesla gifted them an electric car and $375K after they uncovered vulnerabilities in the Model 3 on the final day of the event.
Richard Zhu and Amat Cama of team Fluoroacetate used a JIT (just-in-time compiler) bug in the renderer to take control of the Model 3's infotainment system.
Zhu and Cama declined to say much about how they penetrated the system, but multiple reports say the winning pair used the JIT bug to execute code on the car's firmware.
Tesla Praises Team Fluoroacetate
David Lau, Vice President of Vehicle Software at Tesla, lauded the efforts of Zhu and Cama and vowed to fix the vulnerabilities. The company added that it will release a software update in the next few days to address the Model 3 flaws. It also said that it will not void warranties for vehicles used in pre-approved, good-faith security research.
"We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 — the first to include a connected consumer vehicle — we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community," Lau said.
"We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems."
Team Fluoroacetate dominated the three-day competition, earning 36 Master of Pwn points for finding vulnerabilities in popular software such as Windows 10, VMware Workstation, Edge, Firefox, and Apple Safari. Overall, Team Fluoroacetate pocketed $375,000 in cash and their winnings totaled $545,000 in the three-day contest organized by the Zero Day Initiative team of Trend Micro.
Pwn2Own is an annual hacking and security gathering, which awards hackers commemorative prizes for hacking a particular device. This year's event also marked the first time that a car maker joined the competition.
Tesla Also Initiates Car Breaching Contests
According to sources within the industry, Tesla has given away thousands of dollars in rewards to hackers for successfully breaching its car systems. As a matter of fact, Tesla increased its max payout for a reported bug to $15,000 last year.
In 2016, a Chinese white hat hacker group, the Keen Security Lab at Tencent, was able to remotely maneuver the Tesla Model S using a malicious Wi-Fi hotspot.
Reports say that the hack carried out by the Keen Security Lab at Tencent marked the first remote hack of a Tesla vehicle. The white hat hackers subsequently reported the vulnerability to Tesla, which immediately initiated several updates to strengthen the system.