As part of Tesla’s efforts to ensure that its vehicles remain the safest on the road, the electric car maker is once more opening itself to security researchers. This March, Tesla would be participating as the sole automaker in Pwn2Own 2019, a three-day cybersecurity contest set to be held in Vancouver, Canada. The electric car maker will be bringing the Model 3 to the event, and the company is willing to pay top dollar for anyone skilled enough to hack into its latest and most disruptive vehicle to date.
Pwn2Own is a computer hacking contest held at the CanSec West security conference. The contest, which began in 2007, challenges participants to exploit widely used software and mobile devices for vulnerabilities. Winners of the contest traditionally receive the device that they exploited, a cash prize, and some exclusive merchandise. Being a participant in this year’s Pwn2Own competition, Tesla is no exception. As confirmed to Teslarati, Tesla would be giving away a free Mid Range RWD Model 3 (currently priced at $44,000 before savings) to the security researcher who successfully hacks the electric sedan this March.
Several notable companies are participating in Pwn2Own 2019, including Microsoft and Oracle. That said, it would not be surprising if the Model 3 becomes the star of the competition, considering that it is arguably the most compelling target in this year’s event. Nevertheless, David Lau, Vice President of Vehicle Software at Tesla, has stated that the Model 3’s presence in the competition is a way to help the company improve its products further.
“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems,” Lau said.
In a press release, Dragos Ruiu, CanSec West event organizer, notes that the list of targets for this year’s Pwn2Own event is quite impressive. The organizer further added that the participation of companies like Microsoft and Tesla are inspiring.
“It’s inspiring to see some of today’s leading tech companies taking the initiative to secure their products by leveraging the incredibly talented minds participating in Pwn2Own. The target list for the contest is certainly impressive, and I’m excited to see what kinds of creative solutions researchers will demonstrate during the competition,” Ruiu said.
Tesla broke conventions in 2014 when it launched its Bug Bounty program, which was the first to include a connected consumer vehicle. During that time, Tesla’s bounties were still quite modest, ranging between $25 and $1000. Tesla eventually extended the scope of its Bug Bounty program to its vehicles, and over the years, the company’s rewards for security researchers have also improved steadily. As of November, Tesla was offering up to $15,000 for car or product-related vulnerabilities. Products like its battery storage solutions, such as the Powerwall 2, were also included in the updated Bug Bounty program.
Tesla’s Bug Bounty program could be credited with a number of security-related features for the company’s vehicles. Since launching the program, for one, Tesla has released cryptographic validation for its software and introduced more robust cryptography for its vehicles’ key fobs. Features like PIN-to-Drive, which is designed to prevent relay attacks from key fob cloning, were also introduced due to the efforts of security researchers.
