The Tesla Model 3 will be the target of this year’s Pwn2Own hacking contest, with prizes from $35,000 to $250,000 up for grabs. Furthermore, the contestant pulling in the highest number of ‘Master of Pwn Points’ for Tesla cracks will also win a Tesla Model 3. The biggest single prize, $250,000, will be available for
The Tesla Model 3 will be the target of this year’s Pwn2Own hacking contest, with prizes from $35,000 to $250,000 up for grabs. Furthermore, the contestant pulling in the highest number of ‘Master of Pwn Points’ for Tesla cracks will also win a Tesla Model 3.
The biggest single prize, $250,000, will be available for any hacker cracking the security of Tesla Gateway, Autopilot or VCSEC (Vehicle Controller Secondary), winning execution rights. VCSEC handles the security and alarm on the Model 3.
Successful attacks on the modem or tuner will attract prizes of $100,000; and an Autopilot denial of service – Autopilot being Tesla’s self-driving system – will attract a prize of $50,000. Even the key fobs and ‘phone-as-key’ have been put up for the event, with a prize of $100,000 for any able to demonstrate a successful attack.
As an add-on prize, Tesla has also put up $100,000 for any crack that can take control of the Model 3’s CAN (Controller Area Network) bus, which forms the backbone of any modern ‘smart’ vehicle.
|Modem or tuner||$100,000|
|WiFi or Bluetooth||$60,000|
|Gateway, Autopilot or VCSEC||$250,000|
|Autopilot denial of service||$50,000|
|Key fobs or phone-as-key||$100,000|
There is also $50,000 up for grabs for cracks that can demonstrate persistence – the ability to maintain root control of the component even after a system reboot.
In addition to the Tesla Model 3, Microsoft is offering $250,000 for any successful Hyper-V client guest-to-host escalation.
Microsoft is increasingly a cloud computing company, and it would be catastrophic for the company were any client to be able to exploit Hyper-V, which underlies Microsoft’s cloud computing services, to be able to take full control of the host – and therefore all other clients running under it.
The same goes for VMware and Oracle, which are also putting up their respective virtualisation software for Pwn2Own.
VMware specialises in virtualisation software and has put up VMware ESXi, alongside VMware Workstation as a target, with awards of $150,000 and $70,000 respectively for successful cracks. Oracle VirtualBox will also be there with prize money of $35,000 available – not quite enough to buy a Tesla Model 3 outright.
On top of that, a number of web browsers, Windows Defender Application Guard, Microsoft Outlook and Adobe Reader will also be in the stocks.
And the hacker with the first successful exploit of the event will also win a Tesla Model 3.
Pwn2Own is part of the CanSecWest security conference, which will be held this year on March 20-22 in Vancouver, Canada.
29 November 2018: Tesla cars in China report drivers’ movements back to government
Chinese government demands information in real-time from vehicle makers in unprecedented data grab
Tesla electric vehicles in China are reporting their drivers’ movements back to the government as President Xi Jinping uses the latest technology to step up surveillance to unprecedented levels.
And it isn’t just Tesla reporting driving details back to the Chinese authorities, but more than 200 manufacturers, including all the big global manufacturers.
The car makers say that they are only complying with laws in China, while officials in the country claim that the data isn’t used for surveillance or added to people’s ‘social credit scores’, but merely used to improve public safety, to aid industrial development and help local and national governments to better plan infrastructure.
It could be used not only to undermine foreign carmakers’ competitive position, but also for surveillance
That’s according to an investigation by Associated Press, although it also points out that the government in no other major market demands the same kind of real-time data collection from Tesla and other vehicle makers.
Indeed, the amount of data demanded by Chinese authorities, AP goes on to point out, goes far beyond that needed to improve safety or better plan infrastructure: “It could be used not only to undermine foreign carmakers’ competitive position, but also for surveillance — particularly in China, where there are few protections on personal privacy.”
Under President Xi Jinping, China has forged ahead with mass surveillance programmes and enthusiastically embraced big data analytics and artificial intelligence to better anticipate potential dissent – and potential dissenters.
It has even devised a system of ‘social credit’ control that confers scores on people’s loyalty to the state, and goes as far as to prevent them from being able to buy train and plane tickets if their score is too low. Millions are already effectively being denied the right to travel.
The system makes use of technology and encompasses databases containing citizens’ face, voice, fingerprints and even their DNA so that everyone can be definitively identified, and their online and offline activity filed in databases. Mobile devices – and now vehicles – can also track people’s movements, backed up by as many as 170 million linked surveillance cameras.
Electronic cash will also enable the state to monitor every purchase people make.
Data from Teslas and other electric cars are transmitted to the Shanghai Electric Vehicle Public Data Collecting, Monitoring and Research Centre, which currently grans data from more than 222,000 vehicles, according to AP.
“Electric vehicles in China transmit data from the car’s sensors back to the manufacturer. From there, automakers send at least 61 data points, including location and details about battery and engine function to local centres,” claimed AP.
It adds: “Data also flows to a national monitoring centre for new energy vehicles run by the Beijing Institute of Technology, which pulls information from more than 1.1 million vehicles across the country.”
And, while the majority of cars aren’t currently tracked by the authorities across China, in the Muslim-majority province of Xinjiang the government has ordered drivers to fit tracking devices to their vehicles – a measure that could be rolled-out across the country.
Next page: Elon Musk replaced as chairman and Tesla served with subpoena by the SEC