A pair of security researchers dominated Pwn2Own, the annual high-profile hacking competition, and took home $375,000 in prizes, including a Tesla Model 3 – their reward for exposing a vulnerability in the electric vehicle's infotainment system.
Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been involved in the competition. Pwn2Own is in its 12th year and is run by Trend Micro's Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.
The pair of hackers, Richard Zhu and Amat Cama, known as team Fluoroacetate, "thrilled the aggregate" as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 browser.
The pair used a JIT bug in the renderer to display their message
Tesla told TechCrunch that it will release a software update to fix the vulnerability detected by the hackers. "We entered Model 3 in the world-famous Pwn2Own competition to engage with the most talented members of the security research community, with the goal of seeking this exact type of feedback. During the competition, researchers showed a vulnerability to the browser in the car," Tesla said in an email message. "There are several layers of security in our cars that functioned as designed and successfully contained the demonstration to the browser while protecting all other vehicle features. In the coming days, we will release a software update addressing this survey. We understand that this demonstration took an extraordinary effort and skill, and we thank these researchers for their efforts to continue to ensure that our cars are the safest on the road today."
Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, was held March 20-22 and featured five categories, including browsers, virtualization software, enterprise applications, server-side software, and the new car category.
Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox and Tesla.
Tesla has had a public relationship with the hacker community since 2014, when the company launched its first bug bounty program. The program has grown and evolved since then.
Last year, the company increased its maximum payout from $10,000 to $15,000 and also added its energy products. Today, Tesla's vehicles and all directly hosted servers, services and applications are in scope for its bounty program.