What is Pwn2Own?
Pwn2Own is a computer hacking competition that was first held in Vancouver, Canada, in 2007. It forms part of the annual CanSecWest security conference and is run over 3 days. In the competition contestants attempt to hack widely used software and mobile devices with previously unknown vulnerabilities. Any contestant who can achieve a Tier 1 hack on a device, receives that device as a prize along with cash. Over the years Pwn2Own has evolved from a small demonstration with prizes of around $10,000 per hack to one of the most well-known security contests in the industry. Millions of dollars of cash prizes have been made available over the years. The contest acts as an annual check on the state of browser and OS security. It also helps guide researchers to expand towards new areas of security research by adding new categories to the competition. Last year was the first year that cars became part of the competition when a new category “Automotive” was added.
2019 Automotive Contest
Last year a Tesla Model 3 was the contestants’ target in Pwn2Own’s new “Automotive” category. Tesla has been credited with having pioneered the concept of the connected car with their Model S sedan. By including the Automotive category to the contest, Pwn2Own hopes to encourage more security research into connected vehicles. In 2019, the “Automotive” category was won by two 20 something computer security researchers. The duo, who called themselves the “Flouroacetate” team, comprised of Richard Zhu and Amat Cama. Last year, they exposed a security bug in the car’s system allowing them to hack the car’s internal web browser. The duo identified a JIT (just-in-time) bug in the browser that allowed them to hack in and write a message on the car’s dashboard display screen. For their efforts at Pwn2Own, Zhu and Cama drove away with the Tesla Model 3 they had hacked along with $35,000 cash.
This Year’s Tesla Challenge at Pwn2Own
This year, electric automaker Tesla is once again challenging hackers to find bugs in its connected cars. Driving off with a brand-new Model 3 will be a more difficult challenge this year. However, the possible rewards will be much greater as well. Zero Day Initiative’s press release on the challenge explains: “Tesla vehicles are equipped with multiple layers of security, and this time around, there are three different tiers of awards within the Automotive category that correspond to some of the different layers of security within a Tesla car, with additional prize options available in certain instances. Tier 1 earns the top prizes and represents a complete vehicle compromise. Correspondingly, this also has the highest award amounts. To win this level, a contestant will need to pivot through multiple systems in the car…” Any contestant able to achieve a Tier 1 hack will receive a Tesla Model 3 and $500,000 in cash. Tesla is also offering additional prizes at Pwn2Own bringing the total prize money to nearly $1 million, including the $500,000 Tier 1 prize.