A group of hackers found a serious vulnerability in a Tesla car.
This is the first time that a car brand participates in the “Hacker Pwn2Own” competition, organized by Trend Micro’s Zero Day Initiative. Tesla led the event to Model 3, so hackers could find vulnerabilities in the vehicle’s system.
The Fluoroacetato team, formed by Richard Zhu and Amat Cam, accepted the challenge. The pair entered the Tesla Model 3 and, after a few minutes, managed to hack the Internet browser . The two managed to display a message via a JIT (just-in-time) bug, which went through the data randomization memory system – which supposedly would protect the car.
The efforts of Zhu and Cam earned them a monetary prize and the title of Master of Pwn of 2019, but, following the rules of the event, also gained the Model 3 that they managed to pirate.
Companies that participated in Pwn2Own received the details of the bugs exposed at the event and have 90 days to launch the security patches that correct the vulnerabilities. The Tesla team, for example, was pleased with the results of the competition: “We entered with Model 3 in the world-famous Pwn2Own competition with the goal of involving the most talented members of the security research community and having exactly this type of feedback, “it said in a statement. The company added that the software update to fix the bug will be released in the coming days.
Tesla has offered a reward program for bugs found in its electric vehicles over the past four years, and according to sources close to the company, hundreds of thousands of dollars have been paid to security researchers who reported vulnerabilities. The Fluoroacetate team is just one of many that are helping to increase the safety of Tesla’s electric vehicles by identifying bugs before malicious hackers exploit them for criminal activity.