As a software developer, I often find interest in software bug bounties. A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. Apple, Google, and many of the other large software companies also participate in such programs.
In this realm of software companies, automotive often doesn’t come to mind. However, if you think about how your car is pretty much becoming a rolling computer, it starts to make sense. Tesla in particular is pretty software-centric and, sure enough, invites white hat hackers to have at it!
Tesla will be the first automaker to participate in the annual Pwn2Own computer hacking contest, which is run by Trend Micro’s Zero Day Initiative. Since starting in 2007, Pwn2Own has evolved from a small demonstration with prizes averaging around $10,000 per exploit to one of the most well-known security contests in the industry, with millions of dollars of cash and prizes made available to contestants over the years. At the event in Vancouver this March, Tesla will give away a Model 3 to the winner of the hacking contest. Prizes range from $35,000 to $300,000 depending on a variety of factors including the exploit used.
Automotive Category: Tesla Model 3
An attempt in this category must be launched against a Tesla Model 3 mid-range rear wheel drive vehicle. The available targets and awards are as follows:
- Entries against “Modem or Tuner”, “Wi-Fi or Bluetooth”, and “Gateway, Autopilot, or VCSEC” targets must achieve code execution by communicating with a rogue base station or other malicious entity.
- Entries against the “Infotainment” target must be launched from the target under test and must achieve code execution by browsing to malicious content.
- Entries against the “Key Fobs or Phone-as-Key” target must achieve code execution, arbitrary vehicle unlock, or arbitrary vehicle start using protocol-related weaknesses. Entries related to Key Fob relay or “rolljam” attacks are not allowed.
Two add-on prizes are available in this category: