Tesla hackers win $200k and Model 3 for finding new vulnerability

Tesla hackers have won $200,000 and a brand-new Model 3 for finding a new vulnerability in the automaker’s system.

For years now, Tesla has been investing a lot in cybersecurity and working closely with whitehat hackers. The automaker has been participating in the Pwn2Own hacking competition by offering large prizes and its electric cars for hacking challengers.

The idea is to encourage and reward “good guy” hackers to find vulnerabilities and help Tesla fixed them before the “bad guys” get to them.

This strategy has enabled Tesla to patch dozens, if not hundreds, of vulnerabilities in its systems before they can be exploited by malicious people.

It happened as recently as January when Zero Day Initiative, which is behind Pwn2Own, held a special event in Tokyo where a team of security researchers, Synacktiv, managed to chain some bugs to exploit Tesla’s infotainment system.

They won $100,000 for the exploit.

Now, Zero Day Initiative is hosting a new Pwn2Own event in Vancouver, and Synacktiv did it again.

The organization announced that the team of hackers managed to hack Tesla’s electronic control unit (ECU) and vehicle CAN BUS:

This time, they received $200,000 and a brand new Model 3 for exposing those vulnerabilities.

With vehicles being increasingly connected, there’s an increased fear of hacking becoming a problem in automobiles.

Initiatives like this help automakers stay ahead of the bad guys. Tesla also runs its own bug report program open to whitehat hackers with generous rewards.

We previously noted that Tesla had a serious increase in its cybersecurity effort after a fleetwide hack became a real concern for CEO Elon Musk.

In July 2017, Musk got on stage at the National Governors Association in Rhode Island and confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles.

He even presented a strange scenario that could happen in an autonomous future:

“In principle, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”

What Musk knew that the public didn’t know was that Tesla got a taste of that actually happening just a few months prior to his talk.

In our report, “The Big Tesla Hack” we explained how a hacker managed to get control over Tesla’s entire fleet.