Pwn2Own is an important hacking contest that has been around for more than a decade, in which hackers win big cash prizes for exploits that compromise the security of all manner of devices and software. Computers, phones, virtual machines, and browsers have all been fair game. Pwn2Own is now in its 13th year and is adding a new category, the Tesla Model 3, to the competition, with more than $900,000 worth of prizes for breaking into its onboard systems.
Hacks that execute code on the car’s gateway, autopilot, or VCSEC earn the biggest prize of $250,000. The gateway is the central hub in the car that joins the powertrain, chassis, and other important components and processes the data they send.
Autopilot is the driver-assistance feature that helps control lane changing, parking, and other driving functions. VCSEC (Vehicle Controller Secondary) is responsible for security functions, including the alarm.
The three systems mentioned above are the most critical parts of the Tesla Model 3. To qualify, the exploits must force the gateway, VCSEC, and autopilot to communicate with a rogue base station or any other malicious entity. On the other hand, a DoS attack that takes down the car’s autopilot system will pay $50,000.
Pwn2Own will pay $100,000 for hacks that attack the car’s key fob or Phone As Key, whether by unlocking the car, executing code, or starting the engine without using the key. The competition will also pay an add-on prize of $100,000 for hacks in another category that attack the vehicle’s controller area network, or CAN bus, which lets microcontrollers and devices communicate with each other.
Attacks on Tesla’s infotainment system that escape the security sandbox, escalate privileges to root, or access the OS kernel will earn $85,000. Bluetooth or Wi-Fi hacks will pay $60,000. Moreover, an add-on payment of $50,000 will be paid if a hack maintains root access even after a reboot.
The Pwn2Own competition is held twice a year and is sponsored by Trend Micro’s Zero Day Initiative. It reports the vulnerabilities privately to the responsible vendors, and the details are kept under wraps until after they are fixed.
Other categories besides Tesla this time around include virtualization, with a $250,000 award for a successful Hyper-V client guest-to-host escalation and $150,000, $70,000, and $35,000 for hacks of VMware ESXi, VMware Workstation, and Oracle VirtualBox, respectively. A web-browser category will pay $80,000 for hacks of Chrome, a Firefox exploit will pay $40,000, and the category also covers Microsoft Edge with a Windows Defender Application Guard-specific escape.