At this year’s Pwn2Own, Tesla will open the Model 3 to white hat hackers (more information at Forbes, or Techworld if you prefer Swedish). The company will offer a number of bounties adding up to $900, ranging from $35 000 to $250 000 depending on the criticality of the reported vulnerabilities. The highest bounty will go to the first person to break Tesla’s gateway (which controls data flow), the autopilot, or the VCSEC (Vehicle Controller Secondary), which controls a number of security functions in the car. This focus is not surprising: Tesla takes pride in high safety, and vulnerabilities in any of these can allow hackers to take control of critical functionality. In addition, bounties will be awarded to the first person who manages to:
- Open the car without a legitimate key ($100 000)
- Start the car without a legitimate key ($100 000)
- Hack the CAN-bus ($100 000)
- Hack the infotainment system ($35 000 – $85 000)
- Hack the Bluetooth or Wi-Fi ($60 000)
Thus, a new Tesla Model 3 is the lowest bounty you can bring home if you manage any of the above.
This is not the first time Tesla has collaborated with bug hunters. The company initiated its bug bounty program back in 2014 (e.g. Bugcrowd). “Our work with the security research community is invaluable to us,” said Tesla’s vehicle software chief David Lau, adding that the input they are getting will lead to improvements in the company’s products and approach to security.