Pwn2Own 2023: Tesla Up for Grabs for Hackers
Tesla has returned to the Pwn2Own hacking contest and is offering a $600,000 USD cash reward to anyone who can write an exploit capable of bypassing multiple systems in its electric vehicles (EVs) and achieving an arbitrary code execution — reports SecurityWeek.
In addition to the cash prize, any hacker who succeeds will also get a free Tesla. “Success here gets a big payout and, of course, a brand-new Tesla,” the contest’s organizers announced on Thursday.
Pwn2Own is a biannual ethical hacking contest where contenders gather to exploit widely used hardware and software through previously unknown vulnerabilities. Those who succeed are awarded a cash prize, and also get to keep the device they exploited.
Companies often take part in events organized by Pwn2Own to test the security of their products. Last year, a team of IT specialists from cybersecurity company Synacktiv succeeded in hacking into a Tesla Model 3. The vulnerability they exploited, which allowed remote access to the vehicle, was later patched by Tesla.
This year, Tesla is challenging hackers to try their hand at competing against either a Tesla Model 3 (Intel or Ryzen-based) or the Tesla Model S (Ryzen-based).
Organizers are looking for exploits targeting Tesla’s Tuner, Wi-Fi, Bluetooth, or Modem components. Furthermore, hackers must demonstrate a successful intermediate pivot to the vehicle’s infotainment system and execute code against VCSEC, Gateway, or Autopilot.
Success carries a base cash prize of $500,000 (along with the exploited vehicle itself), with additional objectives that can raise the payout to $600,000 — the highest in Pwn2Own history. “This represents the single largest target in Pwn2Own history,” conference organizers said on Thursday.
Pwn2Own organizers believe that an exploit capable of completely taking over a Tesla is a tall order. “It’s difficult to express the complexity of completing such a demonstration, but we’re certainly hopeful that someone can show off their exploit skills and drive off a winner,” they said.
What’s more, Pwn2Own is offering cash prizes ranging from $250,000 to $400,000 to entice attackers to showcase exploits capable of accessing some of the vehicle’s sub-systems. “This level requires the contestant to get arbitrary code execution on two different sub-systems in the vehicle, which is certainly a difficult challenge.”
Pwn2Own also announced the addition of a Steam VM Escape category where competitors can go against both the Tesla Model 3 and the Tesla Model S.