Security researchers attending the annual Pwn2Own hacking contest have a new prize to compete for, as Tesla throws a brand new Model 3 into the ring.
Where attendees usually work to find vulnerabilities in commonly used programs like web browsers, the event's new automotive section will see a Tesla go up for grabs. It's the first time a car has been presented as a target to hackers at the event.
- Tesla key security flaw revealed: Time to give your car a PIN
- 12 internet-of-things hacks, and why you need to lock down your smart home in 2019
Pwn2Own is a competition which takes place at the annual CanSecWest conference, which focuses on digital security and this year is hosted in Vancouver over March 20-22. The Tesla challenge will happen once the conference begins.
The electric Model 3 is the latest car to be sold by Tesla and is priced from $44,000. Other targets for hackers to exploit at Pwn2Own this year include web browsers like Chrome and Safari, and enterprise applications like Adobe Reader and Microsoft Outlook. The average prizes tends to be around $10,000, making the Model 3 a desirable target.
This is the first time a car company has partnered with the Pwn2Own contest, and is the first time Tesla has offered to give away a car in return for it being hacked. That said, Tesla is no stranger to so-called bug bounties, where money is awarded to well-meaning hackers who inform the company about software weaknesses in its vehicles.
Tesla maintains a 'security researcher hall of fame' on its website, highlighting the teams of hackers who have discovered vulnerabilities in its cars since 2013. In 2018 Tesla increased the maximum reward for its big bounty program from $10,000 to $15,000.
The company also allows owners to attempt to hack their own cars. If they damage the software, yet can prove they were acting in good faith, then Tesla will re-install the car's software over the air or at a service center.
Tesla, along with many other car makers, has turned the automobile into an increasingly digital device. Over-the-air software updates, keyless entry and connected smartphone apps have all improved the user experience, but also present many new opportunities for hackers to compromise the system. In 2018, hackers demonstrated how Teslas (and other cars) could be stolen by intercepting and repeating the signal broadcast by key fobs.
In response to this, Tesla introduced PIN-to-drive, where owners can enable a system where a PIN must be entered on the car's touchscreen before it can be drive, even if the key fob is nearby.
David Lau, vice president of vehicle software at Tesla, said: "We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us...We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems."