Hackers Walk Away With $375,000 And A Tesla Model 3 At 2019 Pwn2Own Event

Sign up for daily news updates from CleanTechnica on email. Or follow us on Google News!
Pwn2Own hacking contest
Credit: YouTube

“Good hacking is a gift,” Elon Musk said in 2016. It can also be highly profitable. This past week, Amat Cama and Richard Zhu — who call themselves Team Flouroacetate — walked off with the top prize at the 2019 Pwn2Own hacking contest in Vancouver, Canada. They took home $375,000 in cash prizes and got to keep the Tesla Model 3 they hacked on the last day of the competition.

Cama and Zhu used a JIT (just in time) bug in the Model 3’s browser renderer process to execute code on the car’s firmware and show a message on its entertainment system, according to ZDNet.  Per contest rules announced last fall, they now gets to keep the car and a $35,000 reward. The rest of the money they earned by successfully hacking other software, including Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10.

“In the coming days we will release a software update that addresses this research,” a Tesla spokesperson told ZDNet. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

This is the second Pwn2Own hacking contest Team Fluoroacetate has won. It also ranked first and received the “Master of Pwn” trophy at the Pwn2Own Tokyo conference in November 2018.

According to Wikipedia, “Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference, beginning in 2007. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited, a cash prize, and a ‘Masters’ jacket celebrating the year of their win.”

Organized by Trend Micro’s Zero Day Initiative team, it is considered the top hacking contest for white hat researchers in the information security field. Over the past few years, many of the companies which have had their apps hacked at Pwn2Own are now sponsoring the contest and have engineers onsite to receive the vulnerability reports from the researchers themselves, sometimes delivering patches within hours. Any successful hacks are transmitted immediately to the affected companies.

For more on how Team Flouroacetate hacked that gorgeous red Model 3, check out this video.


Have a tip for CleanTechnica? Want to advertise? Want to suggest a guest for our CleanTech Talk podcast? Contact us here.

Latest CleanTechnica.TV Video


Advertisement
 
CleanTechnica uses affiliate links. See our policy here.

Steve Hanley

Steve writes about the interface between technology and sustainability from his home in Florida or anywhere else The Force may lead him. He is proud to be "woke" and doesn't really give a damn why the glass broke. He believes passionately in what Socrates said 3000 years ago: "The secret to change is to focus all of your energy not on fighting the old but on building the new." You can follow him on Substack and LinkedIn but not on Fakebook or any social media platforms controlled by narcissistic yahoos.

Steve Hanley has 5485 posts and counting. See all posts by Steve Hanley