Tesla has been working closely with white hat hackers for years in order to make its vehicle software safer and now it’s taking an unprecedented step: it’s going to be giving away a Model 3 to a hacker who can crack the vehicle.
Over the past 4 years, Tesla has been running a bug bounty program and according to sources familiar with the effort, the company has given away hundreds of thousands in rewards to hackers who exposed vulnerabilities in its systems.
The automaker increased its max payout per reported bug to $15,000 last year and it also took a great step in reassuring owners who are hacking their own vehicles.
Tesla said that it will not void its warranty when a vehicle is hacked for “pre-approved good faith security research:”
— Tesla (@Tesla) September 5, 2018
But now the automaker is going even further by throwing Model 3 into the lion’s den
Tesla is going to be the first automaker to participate in a Pwn2Own hacking event, which is run by Trend Micro’s Zero Day Initiative (ZDI).
At the event in Vancouver this March, the company will give away a Model 3 to the winner of the hacking contest.
David Lau, Vice President of Vehicle Software at Tesla, commented on the announcement:
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”
The Model 3 will be the target of hackers at the event along with several other products like Oracle VirtualBox, Microsoft Office 365, Google Chrome and more.
This is great.
I’ve seen naysayers attack Tesla when some white hat hackers have exposed vulnerabilities in Tesla vehicles, but it’s actually a good thing.
Every time a white hat hacker finds a vulnerability, it’s one fewer vulnerability for black hat hackers to exploit.
Back in 2016, we reported on a Chinese whitehat hacker group, the Keen Security Lab at Tencent, managing to remotely hack the Tesla Model S through a malicious wifi hotspot. It is believed to be the first remote hack of a Tesla vehicle.
The hackers reported the vulnerability to Tesla before going public and the automaker pushed an update fairly quickly.
Once gaining access, the hackers were able to upload their own software to take control of the vehicle, but Tesla pushed a fix with code signing to add a cryptographic key to change onboard software. Tesla CTO JB Straubel said at the time:
“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust. This is what the world needs to move towards. Otherwise the door is thrown wide open anytime anyone finds a new vulnerability.”
That’s becoming increasingly true as vehicles become more connected and more systems rely on computers.
CEO Elon Musk has security concerns when it comes to hacking and self-driving cars, but he thinks Tesla is on the right track to address the issue.
Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.