Pwn2Own has been the main competition for hackers for more than ten years, with cash prizes paid for exploits that violate the security of various devices and software. Browsers, virtual machines, computers and phones have all been fair game. Now in its 13th year, the competition adds a new category: the Tesla Model 3, with more than $900,000 worth of prizes available for attacks that subvert a variety of its onboard systems.
The biggest prize is $250,000 for hacks that execute code on the car's gateway, autopilot, or VCSEC. The gateway is a central node that connects the powertrain, chassis and other components of the car and processes the data they send. Autopilot is a driver-assistance function that helps with lane control, parking and other control functions. VCSEC is responsible for security functions, including the alarm.
These three systems represent the most critical parts of a Tesla, so it's not hard to understand why hacks that target them are entitled to such large payouts. To qualify, exploits must force the gateway, autopilot, or VCSEC to communicate with a rogue base station or other malicious entity. Meanwhile, a denial-of-service attack on the autopilot will pay $50,000.
Pwn2Own will pay $100,000 for hacks that attack the Tesla's key fob or phone-as-key, whether by executing code, unlocking the car or starting the motor without using the key. The contest will also pay an additional $100,000 for winning hacks in another category that attack the car's controller area network, or CAN bus. This system allows microcontrollers and devices to communicate with each other.
Another category of hacks will focus on the Tesla's infotainment system. Hacks that escape the security sandbox, escalate privileges to root or gain access to the OS kernel will receive $85,000. Otherwise, infotainment hacks will receive $35,000.
Finally, Wi-Fi or Bluetooth hacks will pay $60,000. A separate $50,000 add-on will be paid for winning hacks that are persistent, meaning they maintain root access even after a reboot.
Evil is exposed
Pwn2Own has long attracted attention because it gives many hackers the incentive they need to part with exploits that otherwise would never see the light of day. Most often, hacks of this caliber are sold only privately to exploit brokers or reported in private programs.
Pwn2Own takes place twice a year and is sponsored by the Zero Day Initiative. ZDI privately reports the vulnerabilities to the responsible vendors. The details are kept under tight wraps until the vulnerabilities are fixed.
In addition to Teslas, other categories this time include virtualization, with a reward of $250,000 for a successful Hyper-V client guest-to-host escalation and $150,000, $70,000, and $35,000 for hacks of VMware ESXi, VMware Workstation, and Oracle VirtualBox, respectively. The web browser category will pay $80,000 for hacks of Chrome and of Microsoft Edge with a Windows Defender Application Guard-specific escape. Firefox hacks will pay $40,000.
The competition will be held in March at the CanSecWest conference in Vancouver.