A security conference will let you hack a Tesla car and earn cash prizes

Pwn2Own CanSecWest organizers will have a car on-site and let security researchers try their luck.
Written by Catalin Cimpanu, Contributor
Tesla Model 3

Tesla Model 3

Image: Tesla Motors

The organizers of the Pwn2Own CanSecWest security conference that will be held this March in Vancouver, Canada, will let security researchers have a go at hacking a Tesla Model 3 car.

Researchers will be able to win different prizes ranging from $35,000 to $300,000 depending on the exploits they use and the car systems they target.

The first researcher who achieves a successful exploit, regardless of the targeted component and method, will also win a brand new Tesla Model 3 model, according to Brian Gorenc, Director of Trend Micro's Zero Day Initiative (ZDI) program, the conference's organizers.

The conference's organizers will have a Tesla Model 3 mid-range rear wheel drive car on-site for security researchers to attempt their hacks on.

Researchers can earn prizes if they can gain code execution rights on car components like the modem, tuner, WiFi, Bluetooth, autopilot, gateway, or VCSEC systems. A successful exploit must start a communications channel with a rogue base station or other malicious entity.

Researchers can also gain prizes if they can also achieve code execution privileges on the car's infotainment system and browse to malicious content.

Last but not least, researchers can also win a cash reward if they target Tesla's key fob and phone-as-key protocols and achieve code execution, unlock doors, or start the car.

All prizes are detailed in the tables below, along with bonuses for achieving and maintaining root access after a car reboot, or escalating the exploit code's access to the car's central CAN bus component, considered the backbone of every modern smart car.

Rewards for Tesla exploits
Image: ZDI
Rewards for Tesla exploits
Image: ZDI

Hacking Tesla cars seems like an impossible task, but it isn't. Several research teams have hacked Tesla cars in the past, albeit other models [1, 2, 3].

Besides hacking an on-site Tesla car, researchers attending the same competition can win a trove of other prizes for breaking into other applications such as:

  • Virtualization category: Oracle VirtualBox, VMWare Workstation, VMWare ESXi, Microsoft Hyper-V
  • Browser category: Firefox, Chrome, Safari, Edge
  • Enterprise app category: Adobe Reader, Office 365 ProPlus, Outlook
  • Server-side category: Windows RDP

Prizes in these categories range from $35,000 to $250,000. Contest rules are available here.

Yubico Security Key NFC

More cybersecurity news:

Editorial standards