- 3rd April 2019
- Posted by: Bigwig Fx
- Category: Competitive research, Innovation
Tesla Model 3
Two 20-something computer hackers exposed a security bug in the Tesla Model 3 that allowed them to hack into the electric car’s internal web browser. Instead of getting in trouble, they walked away with their own Model 3, along with a total of $375,000 in prize money.
Richard Zhu and Amat Cama are the hacking duo known as team Flouroacetate, and the pair of computer security researchers recently dominated Pwn2Own, an annual competition that attracts some of the world’s top hackers.
Zhu and Cama identified a JIT (or “just-in-time”) bug in the Model 3’s web browser that allowed them to hack into the car’s system and write a message on the car’s dashboard display screen, the Zero Day Initiative said in a blog post. For their effort, the pair was allowed to keep the car and they also won $35,000 just for that one hack. (The Model has a starting price of $35,000.)
Pwn2Own hands out prize money to competitors who identify bugs in products from huge tech companies like Tesla, Apple, Microsoft and others. Over the course of this year’s three-day competition, Zhu and Cama won a total of $375,000 across multiple hacking events that included exploiting bugs in products like Apple’s Safari browser and Microsoft Windows. (The event handed out a total of $545,000 in prizes, according to the Zero Day Initiative.)
Cybersecurity company Trend Micro’s Zero Day Initiative has run the Pwn2Own competition for over a decade but the event in Vancouver last week marked the first time that Tesla put up one of its vehicles to be hacked for potential vulnerabilities.
Meanwhile, Tesla responded to the Flouroacetate team’s victory by thanking the duo for their work and the company promised to release a software update to fix the issue.
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser…” Tesla said in an e-mail statement to CNBC Make It. “In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”