
Pwn2Own Vancouver 2019: Tesla, VMWare, Microsoft, and more

301 points by Down_n_Out, over 6 years ago

16 comments

InTheArena, over 6 years ago
As a Tesla owner, I think this is great, because as an Engineer, I fully expect that Tesla will get owned (literally) here. I have no problem with that - I want people trying to break the security, and I want Tesla to pay them, and to improve it.
The reality is that a Tesla is mostly really good software, really good engine, and really good battery, surrounded by a reasonable (but not excellent) rest of the car. That's more than worth it to me, and the Tesla Stretch is real, because the car is incredibly compelling. I would argue that the value is just as much an outcome of the software, and it needs to be hardened.
danpalmer, over 6 years ago
From what I've read about Tesla's software this could be a *bold move*.
Between the infotainment system, onboard Linux computer, autopilot, self-driving hardware, OTA updates, mobile apps, and the amount they phone home, Tesla are probably doing some of the most advanced computing in any consumer car (some deconstructions have suggested they are miles ahead here, pardon the pun).
This is great, but it all comes with additional surface area for attacks, and software engineers have spoken out about the fast-paced shipping that happens at Tesla and the corners that are cut as a result.
wil421, over 6 years ago
This will be interesting. A Jeep Cherokee was hacked a couple years ago. The results are pretty bad. It cost Chrysler a lot of money in recalls to fix the issue.[1]
[1] https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
devy, over 6 years ago
Regardless of how good/bad Tesla software will fare with the security contest, this is the best possible way to improve product security within a short amount of time, just like the cat-and-mouse game Apple plays with the Jailbreaking community.
anonymfus, over 6 years ago
> Entries against “Key Fobs or Phone-as-Key” target must achieve code execution, arbitrary vehicle unlock, or arbitrary vehicle start using protocol-related weaknesses. Entries related to Key Fob relay or “rolljam” attacks are not allowed
Does that mean that they think that such attacks are too easy? If they use rolling codes, will they classify any attack with jamming as "rolljam"? If they don't, why specify this?
auiya, over 6 years ago
If my understanding of the pwn2own event is correct, it's not a CTF event and the exploits are typically developed in advance, and then demonstrated during the event? If there are 2 or more exploits which all work reliably, who is determined to be the "winner"?
tachang, over 6 years ago
This is some seriously good marketing. Tesla is in a unique position to offer their car up as a prize and target. Other manufacturers could do this but because it is hard to update their firmware they don't do it.
mcv, over 6 years ago
What prize do you get for pwning it sufficiently to make it drive off on its own? Sounds like that would be the ultimate hacking competition: you get the car if you make it drive to your own home.
dsfyu404ed, over 6 years ago
Undergrads at various universities regularly pwn vehicle systems and write reports about it for academic credit. The M3 has a lot more surface area than the typical car most people are hacking. My prediction is that the M3 is gonna get chewed up and spit out. This isn't a "will it get pwned" competition, it's a "who will pwn it best/fastest" competition.
amelius, over 6 years ago
Do you get physical access to the inside of the car first? Or does the hacking have to happen from the outside of the car?
darkhorn, over 6 years ago
It looks like Tesla doesn't update many parts of its OS; https://www.reddit.com/r/teslamotors/comments/ag6r2f/please_help_our_turkish_tesla_community_reach/
r00fus, over 6 years ago
This is a great contest. The value of winning a Tesla will be more than the value of the Model 3 up for grabs.
And it's relatively cheap for Tesla to pay out to get these vulnerabilities found and addressed.
anotheryou, over 6 years ago
I give it 67 seconds
edit: there is nothing stopping someone from leasing a Tesla, finding an exploit and shooting it within the first 10 seconds, no? In general, how does this work at pwn2own?
virtualmemory, over 6 years ago
Anyway, they have bitquark for security. Who can find a vulnerability in the Tesla products?
swarnie_, over 6 years ago
> And the first successful researcher can also drive off in their own brand new Model 3 after the competition ends
If you've successfully hacked a car and shared your method would you then get in said car and drive it away? I'd like a patch or at least a factory reset first....
rhexs, over 6 years ago
Nice marketing stunt, but how many security researchers already have a Model 3 or are going to buy one to do this?
Guessing just already-successful firms / personalities that want to win Tesla pen-testing contracts in the future?
Or has Tesla released binary blobs of their firmware systems online?