Pwn2Own 2020: Researchers Again Invited to Hack Tesla

Trend Micro’s Zero Day Initiative (ZDI) on Thursday announced the targets and prizes for the 2020 Pwn2Own competition, which is set to take place on March 18-20 in Vancouver at the CanSecWest conference.

Pwn2Own 2019 introduced the automotive category and participants were invited to hack a Tesla Model 3. Amat Cama and Richard Zhu of team Fluoroacetate managed to hack the car’s web browser, which earned them $35,000 and a Model 3. They were the only team to target the vehicle at the competition.

Pwn2Own 2020 participants have also been invited to hack a Tesla Model 3, but ZDI has pointed out that earning a car will be more difficult than last year. On the other hand, the amount of cash researchers can earn if they demonstrate exploits against the Model 3 is also more significant.

There are three tiers in the automotive category this year. In Tier 1, hackers can earn $500,000 if they successfully demonstrate an exploit chain that uses the tuner, Wi-Fi, Bluetooth or modem as the initial attack vector and ultimately allows attackers to compromise gateway, security (VCSEC) or autopilot components. The attack must result in arbitrary code execution on three different subsystems. An additional bonus of $50,000 can be earned if the exploit also achieves root persistence, and an extra $100,000 if the payload can take control of the CAN bus.

The targets are the same in Tier 2, but it’s enough to achieve arbitrary code execution on two subsystems. Rewards in this tier range between $250,000 and $400,000, with the possibility of earning bonuses for persistence or CAN bus control.

Tier 3, in which the prize amount ranges between $35,000 and $200,000, requires an exploit that compromises only one subsystem of the car, and there is a wider range of targets.

Tesla Tier 3 targets for Pwn2Own 2020

“Entries against Modem or Tuner, Wi-Fi or Bluetooth, and Gateway, Autopilot, or VCSEC targets must achieve code execution by communicating with a rogue base station or other malicious entity. Entries against the Infotainment target must be launched from the target under test and must achieve code execution by browsing to malicious content,” ZDI explained.

The browser category at Pwn2Own 2020 includes Chrome, Edge (both Chromium- and EdgeHTML-based), Safari, and Firefox, with prizes ranging between $40,000 and $100,000.

In the virtualization category, hackers can target Oracle VirtualBox, VMware Workstation and ESXi, and Microsoft Hyper-V. The most valuable exploits are for ESXi, $150,000, and Hyper-V, $250,000.

Participants can earn tens of thousands of dollars for hacking Adobe Reader and Office 365 ProPlus. Local privilege escalations on Ubuntu and Windows 10 are worth $30,000 and $40,000, respectively.

Finally, in the server-side category, Windows RDP exploits are worth up to $150,000.

ZDI says the prizes this year total $1 million. Last year, the organizers paid out a total of $545,000 for 19 vulnerabilities.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.