Pwn2Own has been the foremost hacking contest for more than a decade, with cash prizes paid for exploits that compromise the security of all manner of devices and software. Browsers, virtual machines, computers, and phones have all been fair game. Now in its 13th year, the competition is adding a new category—a Tesla Model 3, with more than $900,000 worth of prizes available for attacks that subvert a variety of its onboard systems.
The biggest prize will be $250,000 for hacks that execute code on the car’s gateway, autopilot, or VCSEC. A gateway is the central hub that interconnects the car’s powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm.
These three systems represent the most critical parts of a Tesla, so it’s not hard to see why hacks that target them are eligible for such huge payouts. To qualify, the exploits must force the gateway, autopilot, or VCSEC to communicate with a rogue base station or other malicious entity. Meanwhile, a denial-of-service attack that takes out the car’s autopilot will pay $50,000.
Pwn2Own will pay $100,000 for hacks that attack the Tesla’s key fob or Phone-as-Key either by achieving code execution, unlocking the vehicle, or starting the engine without using the key. The competition will also pay a $100,000 add-on prize for winning hacks in another category that attack the car’s controller area network, or CAN bus. This system allows microcontrollers and devices to communicate with each other.
Yet another category of hacks will target the Tesla’s infotainment system. Hacks that escape the security sandbox or escalate privileges to root or access the OS kernel will fetch $85,000. Otherwise, an infotainment hack will receive $35,000.
Last, Wi-Fi or Bluetooth hacks will pay $60,000. A separate add-on payment of $50,000 will be paid for winning hacks that achieve persistence, which means they maintain root access even after a reboot.
Pwn2Own has long attracted attention because it gives many hackers the incentive they require to part with exploits that otherwise would never see the light of day. More often than not, hacks of that caliber are sold only privately to exploit brokers or reported privately in bug-bounty programs.
Pwn2Own takes place twice a year and is sponsored by Trend Micro’s Zero Day Initiative. ZDI privately reports the vulnerabilities to the responsible vendors. Those details are kept under close wraps until after the vulnerabilities are fixed.
Besides Teslas, other categories this time around include virtualization, with a $250,000 award for a successful Hyper-V client guest-to-host escalation and $150,000, $70,000, and $35,000 for hacks of VMware ESXi, VMware Workstation, and Oracle VirtualBox respectively. A Web-browser category will pay $80,000 for hacks of Chrome and Microsoft Edge with a Windows Defender Application Guard-specific escape. A Firefox exploit will pay $40,000.