
Tesla, in putting up the Model 3 as the top (non-cash) prize in this year’s Pwn2Own, is throwing down the gauntlet to other car companies.
In addition to the cash prizes, there are two Model 3 cars up for grabs, with one going to the person with the most ‘Master of Pwn’ points and the other going to the hacker with the first successful exploit of the event.
| Target | Prize |
| --- | --- |
| Modem or Tuner | $100,000 |
| Wi-Fi or Bluetooth | $60,000 |
| Gateway, Autopilot or VCSEC | $250,000 |
| Autopilot DoS attack | $50,000 |
| Key fobs or phone-as-key | $100,000 |
| Persistence | $50,000 |
| CAN Bus | $100,000 |
I suspect their competitors are not there because they are not ready. Given what we have seen from the automotive industry to date, I suspect most of Tesla’s competitors’ vehicles would be highly vulnerable to skilled hackers.
Tesla’s more traditional automotive rivals are, with the launch of luxury electric models, trying to take back the ground they have lost to Tesla (particularly in the US market). This prominent display of Tesla’s willingness to be security tested in such a public arena is raising the cost of a ticket to the game for its competitors.
From the outset, Tesla have operated differently from the rest of their industry. They have their own operating platform built from the ground up. With respect to their car operating system, they have behaved more like a software company, with security inherent in their design process from the outset. For instance, Tesla has run a bug bounty program since 2014, although the initial prizes were much more modest.
Despite their best efforts, there was recently an issue with the early Model S keyless entry systems, though that was mitigated promptly with a software update to the cars that allows owners to set a PIN to augment the security.