Hackers win Pwn2Own hacking contest by breaking into Tesla car web browser

Key Highlights

Amat Cam and Richard Zhu win Pwn2Own hacking contest this year.

Security Researchers received $375,000 including a Tesla Model 3 as their reward for entering into internet browser of Tesla Model 3. 

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Tesla, Apple, and several others.

Apple Safari, VMware Workstation, Mozilla Firefox spend hundreds of thousands of dollars for removing bugs and malware from their software and there are several hacking contests conducted all over the globe for finding out loopholes out of browsers and systems. In the same way, Pwn2Own is an annual high profile hacking contest. In this contest every year thousands of dollars are put as prize money but this year it is the first time when a car is included as contest reward. Tesla handed over its new Model 3 Sedan to Pwn2Own this year. The pair of Security Researchers Amat Cam and Richard Zhu called Fluoroacetate won this renowned hacking contest taking home $375,000 in prizes including a Tesla Model 3 as their reward for entering into internet browser of Tesla Model 3. 

Pwn2Own has organized 12th hacking contest this year and it is run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than$4 million since initiation of the program.

According to ZDI, pair of hackers astounded the assembled crowd as they entered the vehicle. Within a few minutes of setup pair of hackers successfully demonstrated their research on the Model 3 internet browser. The researcher pair took the assistance of JIT bug in the renderer to display their message and winning the prize. JIT or just-in-time bug is a bypasses memory that randomizes data that normally would keep secrets protected.

According to the TechCrunch report, Tesla will bring a software update to fix the vulnerability discovered by the hackers.

According to an email statement of Tesla, “We put Model 3 into the world-renowned Pwn2Own hacking competition to come across with the most talented members of the security research community, with the goal of surveying this exact type of feedback. During the competition, researchers demonstrated vulnerability against the in-car web browser,” It also added, “There are various layers of security within our cars which functioned as designed and successfully contained the demonstration to just the browser while protecting all other vehicle functionality. We will bring a software update to remove out this bug from our vehicles and we thank these researchers in assisting us to continue to ensure our cars are the most secure on the road today.

Pwn2Own Vancouver a Pwn2Own’s spring vulnerability research competition was held from March 20 to 22. It consists of five categories including enterprise applications, web browsers, and new automotive category, server-side and virtualization software. Pwn2Own awarded a total of $545,000 for 19 unique bugs in Tesla, Apple, VMware workstation, Microsoft Edge and Windows, Mozilla Firefox and Safari.

Stay connected to us for latest updates!