Tesla, the electric automotive company run by Elon Musk, will be offering $1 million and a free car as bug bounty rewards to hackers at the annual Pwn2Own hacking competition to be held in Vancouver in March this year.
White hat hackers and security researchers can earn these rewards if they are able to completely compromise a Tesla Model 3.
In March last year, a security research team named Fluoroacetate won a Tesla Model 3 and $35,000 for hacking Tesla’s infotainment system (Chromium) via its browser.
During the hacking competition, Fluoroacetate’s Amat Cama and Richard Zhu managed to display a message on the car’s web browser by exploiting a JIT bug in the browser renderer process.
According to Tesla, such hacking events allow them to test as well as improve their security systems by addressing areas of concern.
In this year’s competition, Tesla is offering three tiers of prizes for hackers who can find vulnerabilities in the best-selling car in its fleet, the Model 3.
“Tesla vehicles are equipped with multiple layers of security, and this time around, there are three different tiers of awards within the Automotive category that correspond to some of the different layers of security within a Tesla car, with additional prize options available in certain instances,” reads the press release by Trend Micro’s Zero Day Initiative (ZDI) on the challenge.
For instance, a contestant who is able to completely compromise a Tesla Model 3 will win a brand-new Tesla Model 3 as part of the Tier 1 prizes. In addition to the vehicle, the contestant will also get a cash prize of $500,000 from ZDI.
To qualify for the Tier 1 award, the contestant will need to pivot through multiple systems in the car, which means they will need a complex exploit chain to get arbitrary code execution on three different sub-systems in the vehicle.
Besides the free car and $500,000 payout, the contestant can also earn an additional payout of $200,000 for hacking areas such as Infotainment Root Persistence, Autopilot Root Persistence and Arbitrary Control of the CAN Bus.
According to a Trend Micro ZDI spokesperson, Tesla’s challenge is extremely tough this year, but it also comes with a record-setting reward.
“This represents the single largest target in Pwn2Own history. If someone can do this, it would also mean 70 total Master of Pwn points, which is nearly insurmountable,” the spokesperson said. “We wanted to include Tesla because they pioneered the concept of a connected car and over-the-air updates for their entire vehicle fleet nearly a decade ago, and have been leading the space ever since.”
For more information on the rules involved with the Model 3 challenge, you can read over here.
The Pwn2Own hacking contest is scheduled to be held at the CanSecWest conference in Vancouver between March 18 and March 20.