Vulnerability Management

Researchers get free Tesla for finding infotainment system bug

Tesla awarded two researchers a car after they found a vulnerability in the vehicle’s infotainment system which allowed them to commandeer the vehicle.  

The exploit was found during the Pwn2Own hacking event held in Vancouver during which Tesla was the first automaker to participate and ultimately led to the researchers receiving $375,000 in prizes, including a free Model 3 for their efforts.

Researchers Amat Cama and Richard Zhu of team Fluoroacetate discovered a “JIT bug in the renderer” that allowed them to exploit the vehicle. Tesla also recently increased the payouts on its bug bounty program and now offers up to $15,000.

Tesla also ensured researchers that their warranties would not be voided when a vehicle is hacked for “pre-approved good faith security research."

“Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle– we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community,” Tesla Vice President of Vehicle Software David Lau said in a press release which announced the program.

“We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”

Tesla is scheduled to release a patch for the vulnerability discovered by the researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.