[ad_1]
Two security researchers dominated Pwn2Own, the annual high-profile hacking contest, winning $ 375,000 in prizes, including a Tesla. Model 3: reward for the successful exposure of a vulnerability of the electric vehicle infotainment system.
Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car was included in the competition. Pwn2Own is in its 12th year and is managed by Trend Micro's Zero Day Initiative. ZDI has awarded more than $ 4 million over the duration of the program.
The pair of hackers Richard Zhu and Amat Cam, said team fluoroacetate, "Delighted the assembled crowd" when they entered the vehicle, according to ZDI, who noted that after a few minutes of setup, they had managed to demonstrate their research on the Model 3 Internet browser.
The pair used a JIT bug in the rendering engine to post its message – and won the prize, which included the car itself. In simple terms, a just-in-time JIT, or bug, bypasses the memory randomization data that would normally protect the secrets.
Tesla told TechCrunch that he was going to release a software update to fix the vulnerability discovered by the hackers.
"We have integrated Model 3 into the world-renowned Pwn2Own competition to engage with the most talented members of the security research community to solicit this type of accurate feedback. During the competition, the researchers demonstrated a vulnerability to the car's web browser, "Tesla said in a statement. "There are several levels of security in our cars that worked as expected and managed to contain the demonstration only for the browser, while protecting all other features of the vehicle. In the coming days, we will release a software update that addresses this research. We understand that this demonstration has required extraordinary effort and skill, and we thank these researchers for their work, which has allowed us to continue to ensure that our cars are the safest on the road today. "
Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, ran from March 20-22 and included five categories, including web browsers, virtualization software, enterprise applications, server-side software and new automotive category.
Pwn2Own has awarded a total of $ 545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox and Tesla.
Tesla has had public relations with the hacker community since 2014, when the company launched its first bug bonus program. And he has grown and evolved since.
Last year, the company increased the maximum amount of the bonus from $ 10,000 to $ 15,000 and added its energy products. Today, Tesla vehicles and all directly hosted servers, services and applications are now included in their bonus program
[ad_2]
Source link