posted by Fnord666 on Monday January 13 2020, @01:08AM
from the pwn2own dept.

Hack a Tesla, get a Model 3 and nearly $1 million - Roadshow:

Alright, hacker guy or gal, this is your time to shine. If you're not familiar with the Zero Day Initiative (ZDI), it's calling all friendly hackers extraordinaire once again for a good cause. This time, if if[sic] anyone manages to hack a Tesla, they'll get nearly $1 million and a shiny-new Model 3.

ZDI confirmed on Thursday that Tesla will once again be the big-name sponsor for its automotive category. Increasingly, automakers turn to friendly hackers to exploit their systems to keep our machines safe. Thus, ZDI has issued a new challenge for this year's "Pwn2Own" contest.

If an individual is able to completely compromise a Tesla Model 3, they get the car as part of Tier 1 prizes. Not only will they go home with a new Model 3, but they'll immediately earn a cash prize of $500,000 from ZDI. Yet, the most skilled have a chance for even more cash. If a contestant ticks off a few hacks in extra categories, they'll earn up to $200,000 more on top of the car and $500,000. These areas are "infotainment root persistence," "autopilot root persistence" and "arbitrary control of the CAN Bus." Each area has its own prize amount, but hack all three, and it totals up to $200,000.


  • (Score: 2) by Unixnut on Monday January 13 2020, @03:38PM (2 children)

    by Unixnut (5779) on Monday January 13 2020, @03:38PM (#942757)

    Quite frankly, if your car is computerised to the point where you need to run hackathons to check for vulnerabilities, then you have already lost. It means the car is computerised to the point where not even the devs can be sure it works as intended. This poor engineering practice is rampant in the software world. The hope was with time software development would mature and become like the other engineering disciplines, yet it seems to be going the other way... Cars (and some airplanes) are becoming so heavily controlled by software that bugs and vulnerabilities can be catastrophic.

    Even if nobody manages to hack it now, that doesn't mean (a) that someone won't manage to do it later, and (b) they may find that the vulnerability is worth a hell of a lot more than $700,000, especially if it allows total control of the car. The potential alone for assassination via "accidents" alone means this vulnerability could be worth a good chunk of change to the right people.

  • (Score: 2) by TheGratefulNet on Monday January 13 2020, @11:41PM

    by TheGratefulNet (659) on Monday January 13 2020, @11:41PM (#942908)

    you don't know what you're talking about.

    ob disc: I work in the industry (not tesla, but a competitor).

    there is actually less and less linux in cars and more and more qnx. you won't likely hack qnx (I say this as a linux admin since the 1.1 kernel days).

    ASIL-D systems are very safe and designed that way.

    modern software is not even written directly as c code anymore; it's 'model based' and those gui tools are like authoring tools that create 'correct' c code from a safety pov.

    this has been going on for a while.

    I prefer hand coded code, but this 'model stuff' is the future and it does ensure safety levels, by design. it's a Good Thing(tm) even though it takes the software person mostly out of the loop. (or, maybe that's part of the reason it's so good).

    tesla does not use qnx for all their systems (maybe not at all, I don't know). I don't think they use android (so that's a big plus). they do use a lot of linux and linux cannot be secured as well as a static no-fork no-malloc true RTOS. so there are likely holes in their system.

    they also don't encrypt much, and I don't think they encrypt ethernet or switches or storage at-rest. lots of open holes.

    btw, you can rent teslas. don't have to own one to get access to one, if you really need to ;)

    --
    "It is now safe to switch off your computer."
  • (Score: 2) by hendrikboom on Tuesday January 14 2020, @03:37AM

    by hendrikboom (1125) on Tuesday January 14 2020, @03:37AM (#942976)

    Maybe they're running hackathons not to check for vulnerabilities, but to show off.
    And maybe they'll have egg on their face afterward.

    -- hendrik