Last year, Tesla made headlines when it made a Mid-Range Model 3 RWD a target and prize at a Pwn2Own hacking competition. Two hackers participating at the event were able to find a vulnerability with the Model 3’s browser, allowing them to win the vehicle and over $350,000 in prize money. But Tesla is a company that never stays still, so this year, the electric car maker is returning to an upcoming Pwn2Own event this March, armed with a much more secure Model 3 and a bigger cash reward.
This time around, Tesla is offering three tiers of prizes for hackers who can find vulnerabilities in the Model 3. Hackers who wish to claim the highest “Tier 1” prize would need to pivot through multiple systems in the car to find vulnerabilities. But if they are successful, they will win the Model 3 and a $500,000 prize. But that’s not all. Contestants can also aim to acquire additional options to increase the cash prize to $700,000.
In a statement to Forbes, a spokesperson from Trend Micro ZDI explained that Tesla’s challenge this year is incredibly tough, but it also comes with a record-setting reward. “This represents the single largest target in Pwn2Own history. If someone can do this, it would also mean 70 total Master of Pwn points, which is nearly insurmountable,” the spokesperson said. “We wanted to include Tesla because they pioneered the concept of a connected car and over-the-air updates for their entire vehicle fleet nearly a decade ago, and have been leading the space ever since.”
Just like last year, Tesla will be joining other tech companies at the upcoming Pwn2Own event. While Tesla appears to be the only automaker that is willing to test its vehicles’ security against the best white hat hackers in the industry, other mainstream tech companies are also allowing their key products to be targets for the competition. Google’s Chrome, Microsoft’s Edge, Apple’s Safari, and Mozilla’s Firefox web browsers, for example, are all targets this time around for the Web Browser category. At the same time, Microsoft’s Office 365 Plus and Adobe Reader are the targets for the Enterprise Applications category.
Tesla’s participation in events such as Pwn2Own highlights the company’s Silicon Valley roots. The company’s electric vehicles usually dominate the news cycle, resulting in Tesla being commonly dubbed as a carmaker. But the company is far beyond that, as it is, at its core, a tech firm. This is one of the reasons why Teslas are so different from any other vehicle on the road. Its vehicles are equipped with proprietary software and hardware that provides something akin to an Apple-like experience for customers.
This distinction is something that Tesla had emphasized since 2014, when the company broke conventions by launching its Bug Bounty program. By doing so, Tesla practically invited white hat hackers to find security faults in its vehicles. Tesla’s efforts have largely borne fruit, with several security features today, such as PIN-to-Drive, being developed as a result of the company’s Bug Bounty program.
The upcoming Pwn2Own event will be held at the CanSecWest conference, which is scheduled to run from March 18-20, 2020.
