Highly-connected cars like Teslas bring all sorts of advantages, like over-the-air updates that deliver new features. But they may also be open to digital attacks. In the past, reports have emerged of hackers remotely controlling cars, stealing vehicles by copying entry fobs and performing digital hot wires. To improve the security of it cars and show how hard it's already worked to secure them, Tesla is partnering with Trend Micro's Zero Day Initiative to offer big cash prizes to hackers who can breach the systems on a Model 3 at the annual Pwn2Own event.
At Pwn2Own 2019, which is held in Vancouver, two security researchers were rewarded with Model 3s for breaching the vehicle's systems via car's infotainment center browser. Team Fluoroacetate -- featuring Amat Cama and Richard Zhu -- utilized a JIT bug in the browser renderer to execute code on the car's firmware and display a message on the screen.
In March, Trend Micro and Tesla will hand out cash as well as cars to anyone who manages to crack the top layer of security eligible to win both a Model 3 and up to $500,000.
The prizes are divided into different tiers, depending on the difficulty of the hack. The top tier prize requires the hackers to perform a highly complex hack by entering the system via the tuner, Wi-Fi, Bluetooth or modem, pivoting through intermediate systems like the infotainment and then executing code on the VCSEC, Gateway or Autopilot systems.
Other cash prizes of up to $400,000 and $100,000 are available for performing code executions on one or two different sub-systems respectively.