Two white hats hack a Tesla

In Opinions

Tomas Foltyn, security writer at ESET discusses that a team of two hackers recently Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’ hack the electric automaker, Tesla car via its infotainment system.A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser.

Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric sedan via its infotainment system at the Pwn2Own hacking contest in Vancouver, Canada. They exploited a JIT (or ‘just-in-time’) bug in the browser renderer process to display a message on the infotainment system.

In addition to walking away with the car, Zhu and Cam received US$35,000 for discovering the bug, reads a Zero Day Initiative report. It’s worth noting that the flaw didn’t enable the ethical hackers to take control of the vehicle itself.

We reported in January that Tesla had decided to put up one of its models as a target at the event that took place between March 20-22.

The duo had a pretty good few days at the event, having scooped $375,000 in prize money in total, including for finding flaws in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

In its statement after Zhu and Cam’s find, the electric automaker said that a fix for the vulnerability (classified as CVE-2019-9977) was on its way.

“In the coming days we will release a software update that addresses this research,” reads a statement from Tesla on ZDNet last Friday. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla launched its own bug bounty program in 2014 and has since given away hundreds of thousands of US dollars in rewards for reporting vulnerabilities in its vehicle systems. According to Teslarati, last year saw the company extend the program to its energy products.

Comments

You may also read!

Data security through digital accounting reports

Vikas Panchal, Business Head at Tally Solutions in the Middle East, a leading international accounting, inventory and compliance software

Read More...

Know the risks associated with sharing selfies

Tomas Foltyn, security writer at ESET discusses the risks that may come with sharing selfies, especially for kids and

Read More...

Etisalat to expand its cybersecurity portfolio with Help AG acquisition

With an eye to expand its stake in the cyber security market, UAE’s prime telecom operator, Etisalat has signed

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu