قالب وردپرس درنا توس
Home / Technology / Hackers conquer Tesla's own web browser and win a Model 3 – TechCrunch

Hackers conquer Tesla's own web browser and win a Model 3 – TechCrunch



A pair of security researchers dominated Pwn2Own, the annual high profile hacking contest that brought home $ 375,000 in prize money, including a Tesla Model 3 – their reward for successfully uncovering vulnerability in the infotainment system of the electric vehicle. Tesla handed over his new Model 3 sedan to Pwn2Own this year. For the first time, a car was added to the competition. Pwn2Own is in its 12th year and will be led by Trend Micro's Zero Day initiative. ZDI has spent more than $ 4 million over the life of the program.

The two hackers Richard Zhu and Amat Cam, known as Team Fluoroacetate "thrilled the assembled crowd" as they entered the vehicle. According to ZDI, who stated that after a few minutes of setup they successfully demonstrated their research via the Internet browser Model 3.

The pair used a JIT error in the renderer to display their message ̵

1; and won the prize, which included the auto itself. In the simplest terms, a JIT or just-in-time bug bypasses memory randomization data would normally protect secrets.

Tesla told TechCrunch that it will release a software update to fix the vulnerabilities discovered by the hackers.

19659002] "We've included the Model 3 in the world-renowned Pwn2Own competition to connect with the most talented members of the safety research community, with the goal of getting just that type of feedback. During the contest, the researchers showed a vulnerability to the web browser in the car, "Tesla said in an email. "In our vehicles, there are several levels of security that were developed as planned and that successfully contained the demonstration only to the browser, while protecting all other vehicle functions. In the coming days, we will release a software update that addresses this research. We realize that this demonstration required extraordinary effort and skill, and we thank these researchers for their work to help us ensure that our cars are the safest on the road today.

Pwn2Own's vulnerability research competition, Pwn2Own Vancouver, which took place March 20-22, covered five categories, including web browsers, virtualization software, enterprise applications, server-side software, and the new automotive category.

Pwn2Own awarded a total of $ 545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox and Tesla

Tesla has maintained a public relationship with the hacker since 2014 Community when the company launched its first error rewards program. And since then it has grown and evolved.

Last year, the company increased the maximum premium payment from $ 10,000 to $ 15,000 and also added its energy products. Today, Tesla's vehicles and all direct-hosted servers, services, and applications are included in their bounty program

.
Source link