For this year’s edition of the Pwn2Own hacking contest at CanSecWest, Trend Micro’s Zero Day Initiative has announced a new target category: Automotive.
So, aside from striving to hack a variety of virtualization solutions, web browsers, enterprise applications and Microsoft Windows RDP, security researchers will be able to attempt to exploit a Tesla Model 3.
Hacking a Tesla
“Tesla essentially pioneered the concept of the connected car with their Model S sedan, and in partnership with Tesla, we hope to encourage even more security research into connected vehicles as the category continues to expand,” says ZDI Director Brian Gorenc.
“Prizes range from $35,000 to $300,000 depending on a variety of factors including the exploit used. And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends.”
Researchers are directed to target the car’s modem or tuner; Wi-Fi or Bluetooth; the infotainment system; the gateway, autopilot or VCSEC (the system responsible for security functions).
They are also asked to attempt a Denial of Service attack on the autopilot function, and an attack on the Key Fob or Phone-as-Key option.
Some of the categories come with additional prizes if the researchers can maintain root persistence on the target in spite of a reboot or if their payload achieves control of the car’s CAN bus – the specialized communication network that allows microcontrollers and devices to communicate with each other in applications without a host computer.
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community,” said David Lau, Vice President of Vehicle Software at Tesla.
“We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”
For more information about the rules of the contest and available targets, go here.