Pwn2Own over a decade has been the hacking competition with the most prestigious prizes for farms that endanger security of all types of devices and software. Browsers, virtual machines, computers and phones have been fair games. Now, 13 years ago, a new category of competition is being added: Tesla Model 3, with over $ 900,000 in rewards, to attack many rich systems.
The biggest prize will be $ 250,000 for hackers to run cars, autopilots, or VCSEC code. The door is a gateway that joins the car's powertrain, chassis and other components and processes that send data. The car is a driver's assistant. Control adjacent changes, parking lots and other driving functions. Short Vehicle Control Short, VCSEC is responsible for security functions, including alarm.
These three systems are part of the most critical part of a Tesla, so it's not hard for them to hack those big hacks. To qualify, accidents should force gateway, automatic pilot or VCSEC to communicate with a base station or other malicious entity. In the meantime, the refusal of the car's automatic car rider will fall for $ 50,000.
Pwn2Own will pay $ 100,000 for Tesla's key fob or Phone-as-Key hacking attacks to get the code executed, unlock the vehicle or use the engine key. The contest will pay an extra 100,000 extra in the car to win the winners of a driver's network or another CAN bus counter. This system allows communication between microcontrollers and devices.
However, another hacker category will be directed to the Tesla infotainment system. Security hackers or OS kernels that escape from the sandbox escape or scalability privileges will be made $ 85,000. Otherwise, the infotainment hack will receive $ 35,000.
In the end, Wi-Fi or Bluetooth hacks will have to pay $ 60,000. Another $ 50,000 paid supplement will be paid for hackers who sustain sustainability, which means they have access to fast access after restarting.
Pwn2Own has attracted attention because ancient hackers make incentives, they will never be able to share the light of day with those who will never see it. Unlike most, the hacking of that calibration is sold privately only to defaults programs that are exploited or sold privately.
Pwn2Own twice a year is backed by the Trend Micro Zero Day Initiative. The ZDI reviews the weaknesses of vendor makers. These details are kept under static finish until weaknesses are resolved.
In addition to Tesla, other means include virtualization in this time, respectively, to obtain a successful $ 500,000 and $ 150,000, $ 70,000 and $ 35,000 hack for VMware ESXi, VMware Workstation and Oracle VirtualBox respectively for successful escalation of the Hyper-V client host. The Web Browser Category pays $ 80,000 for Chrome and Microsoft Edge hacking, with a specific escape from Windows Defender Application Protection. An exploitation in Firefox will cost $ 40,000.
The contest will take place in March at the CanSecWest conference in Vancouver. There are more details on the competition here.