A group of hackers managed to crack a Tesla Model 3 as part of a hacking competition and Tesla gave them the car for exposing the vulnerability.
As we reported earlier this year, Tesla is the first automaker to participate in a Pwn2Own hacking event, which is run by Trend Micro’s Zero Day Initiative (ZDI).
The automaker made a Model 3 available to hackers in order for them to find and exploit vulnerabilities in the vehicle’s system.
The event happened in Vancouver this week and a team of two hackers managed to find an exploit on the last day of competition.
Amat Cama and Richard Zhu of team Fluoroacetate targeted the infotainment system on the Tesla Model 3 and used “a JIT bug in the renderer” to manage to take control of the system:
For exposing the vulnerabilities and giving the automaker the opportunity to improve its software security, Tesla is giving them the Model 3.
It’s adding to several more prizes won by team Fluoroacetate during the competition.
Over the past 4 years, Tesla has been running a bug bounty program and according to sources familiar with the effort, the company has given away hundreds of thousands in rewards to hackers who exposed vulnerabilities in its systems.
The automaker increased its max payout per reported bug to $15,000 last year and it also took a great step in reassuring owners who are hacking their own vehicles.
Tesla said that it will not void its warranty when a vehicle is hacked for “pre-approved good faith security research.
David Lau, Vice President of Vehicle Software at Tesla, commented on their effort:
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us.Since launching our bug bounty program in 2014 – thefirst to include a connected consumer vehicle– we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”
Tesla has also been fairly quick to fix vulnerabilities exposed by white hat hackers.
Back in 2016, we reported on a Chinese whitehat hacker group, the Keen Security Lab at Tencent, managing to remotely hack the Tesla Model S through a malicious wifi hotspot. It is believed to be the first remote hack of a Tesla vehicle.
The hackers reported the vulnerability to Tesla before going public and the automaker pushed an update fairly quickly.