For more than a decade, Pwn2Own has been the biggest hacker contest with operating prizes that threaten the security of all types of devices and software. Browsers, virtual machines, computers and phones have been fair. This year, in the 13th year, the competition adds a new category, the Tesla Model 3, which has more than $ 900,000 worth of awards to destroy various on-board systems.
The biggest prize will be $ 250,000 for hacks that execute code in the car gateway, autopilot, or VCSEC. A gateway is a central hub that connects the car's power drive, chassis and other components and processes the data sent. Autopilot is a driver assistant that helps control lane change, parking and other driving functions. The VCSEC is short for the safety of the vehicle, including the alarm.
These three systems are the most important parts of Tesla, so it is not difficult to understand why the hacks that are suited to them are suitable for such huge costs. To qualify, applications need to force the gateway, autopilot, or VCSEC to contact an unfair base station or other malicious object. Meanwhile, a service denial attack that removes the car's autopilot will cost $ 50,000.
Pwn2Own will cost $ 100,000 for hacks that attack the Tesla Key Phob or Phone-as-Key, either by executing code execution, unlocking the vehicle, or starting the engine without using a key. The contest will also cost a $ 100,000 extra prize for winning in another category that attacks the car controller area network or CAN bus. This system allows microcontrollers and devices to communicate with each other.
Another category of hacks will focus on the Tesla information and entertainment system. Hacks that escape the security sandbox or increase privileges to root or access the OS kernel will receive $ 85,000. Otherwise, the information and entertainment hack will get $ 35,000.
Finally, Wi-Fi or Bluetooth hacks will cost $ 60,000. A $ 50,000 payout will be paid for the victory that means that they will keep root access even after rebooting.
Hacking is subject to
Pwn2Own has long attracted attention, as it gives many hackers the incentive they need to take advantage of the exploitation that would never see the light of the day. Most often, these caliber hacks are only sold privately to use brokers or report private programs in bug-bounty programs.
Pwn2Own takes place twice a year and is sponsored by Trend Micro Zero Day. ZDI privately reports vulnerabilities to responsible sellers. These parts are stored tightly in the package until the vulnerabilities are fixed.
Besides Tesla, other categories this time include virtualization, with a $ 250,000 prize for a successful Hyper-V client escalation and $ 150,000, $ 70,000 and $ 35,000 for VMware ESXi, VMware Workstation and Oracle VirtualBox, respectively. Web browser category will cost $ 80,000 for Chrome and Microsoft Edge hacks with Windows Defender application protector. Firefox operation will cost $ 40,000.
The contest will take place in March at the CanSecWest conference in Vancouver. Details of the contest are here.