Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser.
Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal.
The security experts Amat Cama and Richard Zhu of team Fluoroacetate, earned $35,000 for their exploit, along with the Tesla they hacked. The white hat hackers managed to display a message on the car’s web browser by exploiting a just-in-time (JIT) issue in the renderer component.
This was the first time that the competition had an automotive hacking session. The organizations offered the highest rewards for exploits for modem or tuner, Wi-Fi or Bluetooth, key fobs, and the autopilot.
There was a reward, up to $250,000, for hacking the gateway, autopilot or security system.
Cama and Zhu won a total of $375,000 in cash in the three days for exploits against Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.
“After a few minutes of setup, and with many cameras rolling, they successfully demonstrated their research on the Model 3 internet browser. They used a JIT bug in the renderer to display their message and earn $35,000. Of course, this is Pwn2Own so they also get the car.” reads the post published by ZDI.
The Pwn2Own Vancouver 2019 awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and the Tesla infotainment system.
All the vulnerabilities exploited at Pwn2Own 2019 have been already reported to vendors, the organization will give them 90 days before their public disclosure.
If you are interested in news about the other days of the competition give a look here:
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.