The organizers of the Pwn2Own CanSecWest security conference that will be held this March in Vancouver, Canada, will let security researchers have a go at hacking a Tesla Model 3 car.
Researchers will be able to win different prizes ranging from $35,000 to $300,000 depending on the exploits they use and the car systems they target.
The first researcher who achieves a successful exploit, regardless of the targeted component and method, will also win a brand new Tesla Model 3 model, according to Brian Gorenc, Director of Trend Micro's Zero Day Initiative (ZDI) program, the conference's organizers.
The conference's organizers will have a Tesla Model 3 mid-range rear wheel drive car on-site for security researchers to attempt their hacks on.
Researchers can earn prizes if they can gain code execution rights on car components like the modem, tuner, WiFi, Bluetooth, autopilot, gateway, or VCSEC systems. A successful exploit must start a communications channel with a rogue base station or other malicious entity.
Researchers can also gain prizes if they can also achieve code execution privileges on the car's infotainment system and browse to malicious content.
Last but not least, researchers can also win a cash reward if they target Tesla's key fob and phone-as-key protocols and achieve code execution, unlock doors, or start the car.
All prizes are detailed in the tables below, along with bonuses for achieving and maintaining root access after a car reboot, or escalating the exploit code's access to the car's central CAN bus component, considered the backbone of every modern smart car.
Besides hacking an on-site Tesla car, researchers attending the same competition can win a trove of other prizes for breaking into other applications such as:
- Virtualization category: Oracle VirtualBox, VMWare Workstation, VMWare ESXi, Microsoft Hyper-V
- Browser category: Firefox, Chrome, Safari, Edge
- Enterprise app category: Adobe Reader, Office 365 ProPlus, Outlook
- Server-side category: Windows RDP
Prizes in these categories range from $35,000 to $250,000. Contest rules are available here.
More cybersecurity news:
- Details published about vulnerabilities in popular building access system
- G Suite update warns you when someone is exporting your company's data
- NASA internal app leaked employee emails, project names
- New tool automates phishing attacks that bypass 2FA
- Zerodium will now pay $2 million for Apple iOS remote jailbreaks
- SCP implementations impacted by 36-years-old security flaws
- Google now lets you donate to charity through the Play Store CNET
- Phishing and spearphishing: A cheat sheet for business professionals TechRepublic