Hackers during the Vancouver Pwn2Own competition, broke into a Tesla 3 with a hack in minutes, and for their effort walked away with the car. The competition is in its 12th year and attracts hackers from around the glove for prizes that can add up to hundreds of thousands of dollars. This year prize money added up to $545,000.
This year's winning team, Flouroacetate, nabbed $375,000 in prize money plus the Tesla 3 sedan, starting at $43,000. Tesla itself donated the car, one of its newest, to see if hackers could find vulnerabilities in its operating system.
Once a sign of embarrassment, hacks are often embraced by brands eager to find vulnerabilities in their products. It's better for companies to have these weaknesses exposed in a controlled space than when millions of users find their passwords and other data compromised. Tesla even said as much.
"We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback," Tesla said in an emailed statement to TechCrunch. "During the competition, researchers demonstrated a vulnerability against the in-car web browser. There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today."
Tesla donated a model 3 to the Pwn2Own competition, with the winner walking away with the sedanTesla
Pwn2Own is run by Trend Micro's Zero Day Initiative. The contest runs concurrently with the CanSecWest event — and hackers are invited to pwn or hack a device. If they do, they keep it, plus typically tens of thousands of dollars in prize money. Additionally, they earn points towards becoming the Master of Pwn, and the event's top hacker.
The winning duo that makes up the hacking team Flouroacetate hacked the Tesla 3 with a JIT, or just in time, bug which impacts coding that happens at run time. They used a similar bug in other hacks throughout the day, hacking into Safari and Firefox. The two also won the Pwn2OwnTokyo in November of 2018, which focuses primarily on mobile devices, by hacking in an iPhone X and a Xiaomi Mi6