In March 2021, a team of security researchers from the Chinese cybersecurity firm Qihoo 360 participated in the Pwn2Own Tesla 800K Greig hacking competition, which brings together top security experts worldwide to find vulnerabilities in popular software and hardware. This year, the researchers targeted a Tesla Model 3 electric vehicle. They successfully hacked into its systems, taking control of the car and earning an $800,000 prize.
The Pwn2Own Competition
The cybersecurity company TrendMicro has run the Zero Day Initiative (ZDI), which has organized the Pwn2Own Tesla 800K Greig competition annually since 2007. The organizers designed the event to encourage researchers to find and report security vulnerabilities in popular software and hardware to make these systems more secure for everyone. The competition has grown in popularity over the years attracting top security researchers from around the world.
This year’s competition was held virtually due to the COVID-19 pandemic and featured a range of targets, including popular web browsers, virtualization software, and the Tesla Model 3. The organizers added Tesla to the competition this year to help identify potential security risks in the increasingly popular electric vehicle.
The Qihoo 360 Hack
The Qihoo 360 team consisted of three researchers: Yuandong Zheng, Yige Gao, and Dayu Yang. Their target was a Tesla Model 3, which they had to hack into remotely using only a web browser. The organizers gave them three attempts to find vulnerabilities in the car’s software, and on the third attempt, they succeeded.
The researchers were able to exploit a vulnerability in the car’s infotainment system, which allowed them to take control of the vehicle. They could open the trunk, activate the windshield wipers, and even apply the brakes. The hack was particularly impressive because the researchers could do it remotely without physical access to the car.
Following the successful hack, Tesla released a software update to address the vulnerability that it had exploited. In a statement, the company said: “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”
Tesla has always focused on cybersecurity and takes potential threats very seriously. The company has a bug bounty program, which rewards researchers who find vulnerabilities in its software. The program has paid out over $1 million to researchers since its launch in 2014.
The successful hack of the Tesla Model 3 at this year’s Pwn2Own Tesla 800K Greig competition shows that even the most advanced technology can be vulnerable to security threats. The fact that the researchers could take control of the car remotely, using only a web browser, highlights the importance of ongoing cybersecurity research and development.
Tesla has responded quickly to address the vulnerability, and its bug bounty program is a testament to its commitment to cybersecurity. As electric vehicles become more popular, manufacturers must continue to prioritize security and work closely with the security research community to identify and address potential vulnerabilities.
Also, Read Pentecostal Church – An Overview.