Netease Technology News on January 11, according to foreign media reports, in the past few years, Tesla has always invested more in ensuring network security, and now it will return to the hacking contest Pwn2Own again, challenging hackers to find their car vulnerabilities. $ 1 million bonus and multiple cars.
In 2019, Tesla traveled to Vancouver to participate in Pwn2Own, a hacking contest organized by the Zero Day Initiative (ZDI), a well-known security project team under the information security software industry giant Trend Micro. At the time, anyone who discovered and exploited certain vulnerabilities in the Model 3 in-car system could get this electric car as a reward.
A team of two hackers targeted the infotainment system on the Model 3 and managed to control the system using a “JIT vulnerability in the renderer.” In the end, they won the new Model 3.
This type of hacking contest with white hat hackers has allowed Tesla to test and improve its security systems, which are becoming increasingly important in cars as they become more like computers on wheels. This is why Tesla decided to return to Pwn2Own this year and improve its reward.
ZDI said in a statement: “Last year, we partnered with Tesla to target the best-selling Model 3 in its class in the United States, which surprised many people. In the end, we awarded the car to two talented researchers. The reason we want to include Tesla is that they pioneered the concept of connected cars and over-the-air upgrades nearly a decade ago, and they have been leading the field ever since. “
The statement continued: “This year, Tesla Model 3 will return to the arena. Finding Model 3 vulnerabilities have become a more difficult challenge, which means that the potential returns this year will also be much higher. Microsoft is also returning as a partner, VMware is returning as a sponsor, and their Pwn2Own goal is a bit traditional. Entrants can get more than $ 1 million in cash and prizes, including the new Tesla car. “
Tesla Model 3 cars are equipped
This year, the challenge of invading Tesla’s systems has become more complex. ZDI stated, “We want to add complexity to this year’s event. Tesla Model 3 cars are equipped with multiple layers of security measures, and three different levels have been set for this car category. Awards to correspond to the different security levels of Tesla cars, and in some cases additional reward options. “
Tesla hacking team may receive a $ 700,000 reward
Between the first tier and the ‘add-on’ target, an individual or hacking team may receive a $ 700,000 reward and a brand new Tesla Model 3. Hackers can also participate in two other less-privileged challenges, and several challenges can be rewarded with Model 3. The competition will be held in Vancouver in March.
Tesla has been running a bug bounty program for the past five years, and according to people familiar with the matter, the company has issued hundreds of thousands of dollars in rewards to hackers who discovered vulnerabilities in its systems. In 2018, Tesla raised the maximum bounty for each reported vulnerability to $ 15,000 and took a big step in appeasing owners who invaded their vehicles.
Tesla Model 3 Automotive Software Vice President David Lau commented on their efforts: We develop our cars with the highest safety standards in every aspect, and our cooperation with the safety research community is priceless. Since launching the bug bounty program in 2014, we have continuously increased our partnership investment with security researchers to ensure that all Tesla owners continue to benefit from the smartest people in the community. We look forward to knowing and rewarding the outstanding work of Pwn2Own so that we can continue to improve our products and designs and make the system more secure. “
Tesla Model S through a malicious Wi-Fi hotspot
Tesla also quickly fixed a vulnerability exposed by white hat hackers. In 2016, there was a white-hat hacking group remotely invaded Tesla Model S through a malicious Wi-Fi hotspot, which is believed to be the first remote hacking attack on Tesla cars. Hackers reported the vulnerability to Tesla in advance, and the latter soon fixed a new one.