At the CanSecWest 2019 “Pwn2Own” contest – an annual computer hacking contest held at CanSecWest, Tesla organized a hacking event, offering $35k and a Tesla Model 3 to anyone who cracks the Tesla Model 3 security.
The Pwn2Own contest is renowned for its incentives, the contest encourages hackers to participate, putting in their skills to good use in ensuring vulnerabilities are patched before they cause any harm.
The Pwn2Own-2019 was organized by Trend Micro’s Zero Day Initiative (ZDI) which primarily focuses on encouraging the zero-day vulnerability reporting responsibly to affected connected hardware vendors.
White hat hackers Amat Cama and Richard Zhu of team Fluoroacetate exposed the vulnerability in Tesla Model 3 by taking advantage of a JIT bug in the renderer of the vehicle’s infotainment system.
Tesla, acknowledging the hackers i.e. researchers, in an emailed statement, wrote:
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser.
There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research.
We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”