Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

They won a Model 3

This site may earn commission on affiliate links.
Pwn2Own Vancouver 2019: Wrapping Up and Rolling Out

Richard Zhu and Amat Cama (fluoroacetate) used a JIT (just-in-time) bug to display their message on Model 3 web browser.

upload_2019-3-23_23-58-20.png


They got that Model 3 as a reward as well as other cash prizes totaling $375,000.
 
  • Informative
Reactions: tracksyde
The articles said:

..“thrilled the assembled crowd” as they entered the vehicle...

but I don't think they were able to unlock a locked car with all windows closed.

The articles didn't cover how they did it after they entered into the car. Did they connect to the car by any hard wire, wi-fi, blue tooth or the car's wireless have been unlocked and their job is to hack into the browser?

Why there wasn't a challenge to gain access to a locked car? Is it too easy as proven by thieves so it's not done here?

These articles are not informative.
 
They hacked the browser; that's it. they could not breach Tesla's gateway into the actual vehicle controls.

Tesla's statement:
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”