Two white hats hack a Tesla

Tomas Foltyn, security writer at ESET, discusses how a team of two hackers, Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, recently hacked a car from the electric automaker Tesla via its infotainment system.

A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser.

Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric sedan via its infotainment system at the Pwn2Own hacking contest in Vancouver, Canada. They exploited a JIT (or ‘just-in-time’) bug in the browser renderer process to display a message on the infotainment system.

In addition to walking away with the car, Zhu and Cam received US$35,000 for discovering the bug, reads a Zero Day Initiative report. It’s worth noting that the flaw didn’t enable the ethical hackers to take control of the vehicle itself.

We reported in January that Tesla had decided to put up one of its models as a target at the event, which took place between March 20 and 22.

The duo had a pretty good few days at the event, having scooped $375,000 in prize money in total, including for finding flaws in Apple Safari, Microsoft Edge, VMware Workstation, Oracle VirtualBox, and Windows 10.

In its statement after Zhu and Cam’s find, the electric automaker said that a fix for the vulnerability (classified as CVE-2019-9977) was on its way.

“In the coming days we will release a software update that addresses this research,” reads a statement from Tesla on ZDNet last Friday. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla launched its own bug bounty program in 2014 and has since given away hundreds of thousands of US dollars in rewards for reporting vulnerabilities in its vehicle systems. According to Teslarati, last year saw the company extend the program to its energy products.
