Cengage Technology & Computing Blog
Hack a Tesla, Earn $900,000

[Reading Time - 2 minutes 20 seconds]


There has been increasing concern recently over security vulnerabilities found in our cars. Now a contest has been announced that will pay up to $900,000 for successfully hacking a Tesla.


Just how important is it to have strong security in cars? Consider the following true event. Back in July 2015, a reporter for Wired magazine drove a Jeep Cherokee on I-64 outside St. Louis to demonstrate how easy it was for the car to be remotely controlled by two security researchers who were ten miles away. The researchers were able to change the air conditioning settings and the car's radio, turn the windshield wipers off and on, and spray wiper fluid on the windshield. The researchers also performed more deadly acts. As the driver of the Jeep pressed the accelerator on a crowded Interstate highway, the car started slowing down with an 18-wheel truck barreling down on him. The researchers even disabled the brakes so that the Jeep ended up in a ditch. Due to a vulnerability, anyone who knew the vehicle's Internet Protocol (IP) address could gain access remotely to the car. This incident resulted in Fiat Chrysler recalling 1.4 million vehicles to patch this vulnerability.


Now, back to the Tesla contest. Pwn2Own is one of the premier security contests that is held twice annually. Starting back in 2007, Pwn2Own has paid millions of dollars for vulnerabilities found in hardware (phones, computers, tablets) and software (browsers, virtual machines, etc.). Like most reputable bug bounty programs, the details of any uncovered vulnerabilities are reported back to the vendors but are kept secret from the general public until after the vulnerabilities have been fixed.


For the Spring 2019 competition, the categories that award prizes are for vulnerabilities found in virtualization software ($250,000 award for a successful Hyper-V client guest-to-host escalation or exploits of VMware ESXi, VMware Workstation, and Oracle VirtualBox), web browsers (Chrome, Microsoft Edge, and Firefox), and other software (Adobe Reader, Microsoft Office, and Microsoft Outlook).


And a new category of "Automotive" has now been added. Specifically, prizes will be awarded to those who can hack a Tesla Model 3. There are different components of the Tesla that will serve as targets in order to earn the cash prizes. These Tesla components include:

  • Gateway: A gateway is the computerized central hub that interconnects the car’s powertrain, chassis, and other systems.
  • Autopilot: The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions.
  • Vehicle Controller Secondary (VCSEC): This is responsible for different security functions, including the car's alarm.
  • Key Fob / Phone-as-Key: These are used to unlock the car or start the engine without using the key.
  • Infotainment system: An infotainment system provides information to the driver (like a map) or plays music.
  • Wi-Fi or Bluetooth: Another category is the wireless Wi-Fi or Bluetooth systems in the Tesla.

There are also different amounts of payment based on the seriousness of the exploit. For example, an attack that can escape the Tesla's security sandbox, escalate privileges for the hacker, or access the car's operating system kernel can earn a bonus. And those attacks that still maintain root access even after a reboot will also earn a bonus. In total, a contestant can earn up to $900,000 for successfully hacking a Tesla.


The Pwn2Own contest will be held on March 20-22 at the CanSecWest conference in Vancouver.


But here's a suggestion: you probably shouldn't drive your Tesla to the conference--just in case.