Car and almost $1m on offer for Tesla Model 3 hacks


The electric car maker is raising the ante in automotive security, putting one of its swanky models as a target at a hacking contest.

White-hat hackers who can break into a Tesla Model 3 will soon be in the running for, yes, a Tesla Model 3, according to a report on Teslarati.

Driven by considerations for vehicle security, the automaker is raising the ante and will be putting up one of its models as a target at a hacking contest. This will be the first time that, in fact, any car will face infiltration attempts at a white-hat competition. The honor now officially belongs to a mid-range rear wheel drive Tesla Model 3, priced at US$44,000.

On top of the car, hackers can win up to US$900,000 for identifying a variety of loopholes in the car’s systems at the Pwn2Own hacking contest, which will take place within the CanSecWest 2019 security conference in Vancouver, Canada, in late March.

The largest payout – of up to US$250,000 – will be awarded for code execution on the car’s gateway, autopilot, or VCSEC that will involve communication with a “rogue base station or other malicious entity”, wrote the Zero Day Initiative. “And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends”.

Standing for ‘Vehicle Controller Secondary’, VCSEC is responsible for security and alarm, among other functions. Other hacking categories in the contest’s Tesla-centered section include ‘key fobs or phone-as-key’, ‘modem and tuner’ and ‘infotainment’.

Tesla CEO Elon Musk has articulated his commitment to securing Tesla vehicles. “It is my top concern from a security standpoint—that Tesla is making sure that a fleet-wide hack or any vehicle-specific hack can’t occur,” he said in 2017, as reported by CSOonline.

Tesla opened its doors to white hats back in 2014. Researchers who have been the first to report a particular vulnerability in the car maker’s vehicle systems have made it into its Security Researcher Hall of Fame.

According to electrek, the company has given away hundreds of thousands of US dollars in rewards for reporting vulnerabilities in its vehicle systems.

Other targets at Pwn2Own will include web browsers, enterprise applications, and virtualization applications.

written by Tomas Foltyn, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s