Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Researchers Invited to Hack a Tesla at Pwn2Own 2019

Researchers can earn up to $300,000 and a car if they manage to hack a Tesla Model 3 at this year’s Pwn2Own competition, Trend Micro’s Zero Day Initiative (ZDI) announced on Monday.

Researchers can earn up to $300,000 and a car if they manage to hack a Tesla Model 3 at this year’s Pwn2Own competition, Trend Micro’s Zero Day Initiative (ZDI) announced on Monday.

Pwn2Own 2019, scheduled to take place on March 20-22 alongside the CanSecWest conference in Vancouver, Canada, introduces an automotive category for which a Tesla Model 3 will be brought on site.

White hat hackers can earn between $50,000 and $250,000 for demonstrating an exploit against a Tesla’s modem or tuner, Wi-Fi or Bluetooth components, infotainment system, gateway, autopilot, security system, and key fob (including the phone used as a key). Some of the targeted components are also eligible for a bonus of $50,000 or $100,000 for persistence and a CAN bus hack, respectively.

“Along with the prize money, the first-round winner in this category will win a Tesla Model 3 mid-range rear-wheel drive vehicle,” ZDI said.

Prizes for hacking Tesla

In the virtualization category, Pwn2Own participants can target Oracle VirtualBox, VMware Workstation and ESXi, and Microsoft Hyper-V Client. The highest prize is for Hyper-V – up to $250,000 and a $30,000 bonus for a privilege escalation on the host.

In the web browsers category, hackers can earn tens and even hundreds of thousands of dollars for sandbox escapes, Windows kernel privilege escalations, and VM escapes. The targets are Chrome, Edge, Safari and Firefox.

The enterprise category includes Adobe Reader, Microsoft Office 365, and Microsoft Outlook. Finally, the server-side category’s only target is Windows RDP, for which hackers can earn $150,000.

“Most of our server side targets moved to our Targeted Incentive Program, so they no longer need to be included in Pwn2Own,” ZDI explained.

The prize pool for this year’s event exceeds $1 million, and that does not include the money offered for hacking a Tesla.

At last year’s Pwn2Own, participants only took home less than $300,000 of the $2 million prize pool.

Related: IoT Category Added to Pwn2Own Hacking Contest

Related: Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.