Two white hats hack a Tesla, get to keep it
Source: Vistar Communications for ESET Middle East , Author: Tomas Foltyn
Posted: Thu April 11, 2019 5:25 pm

UAE. A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser.

Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric sedan via its infotainment system at the Pwn2Own hacking contest in Vancouver, Canada. They exploited a JIT (or ‘just-in-time’) bug in the browser renderer process to display a message on the infotainment system.

In addition to walking away with the car, Zhu and Cam received US$35,000 for discovering the bug, reads a Zero Day Initiative report. It’s worth noting that the flaw didn’t enable the ethical hackers to take control of the vehicle itself.

We reported in January that Tesla had decided to put up one of its models as a target at the event that took place between March 20-22.

The duo had a pretty good few days at the event, having scooped $375,000 in prize money in total, including for finding flaws in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

In its statement after Zhu and Cam’s find, the electric automaker said that a fix for the vulnerability (classified as CVE-2019-9977) was on its way.

In the coming days we will release a software update that addresses this research,” reads a statement from Tesla on ZDNet last Friday. “We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla launched its own bug bounty program in 2014 and has since given away hundreds of thousands of US dollars in rewards for reporting vulnerabilities in its vehicle systems.

According to Teslarati, last year saw the company extend the program to its energy products.

Photo caption: Tomas Foltyn, security writer at ESET

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: June 26, 2019
UAE. Positive price movement demonstrates success of UAE's diversification drive; Dubai (21), Abu Dhabi (33) and Riyadh (35) rank among the most expensive cities for expatriates in the Middle East.
date:Posted: June 25, 2019
UAE. There were a number of iconic deals completed in Q1 FY19 which include: Network International IPO, acquisition of Careem by Uber, Saudi Aramco bond listing and investment into ADNOC pipeline and refinery assets by international investors.
date:Posted: June 24, 2019
UAE. The latest edition of PwC's Middle East Economy Watch looks at the recent oil price rebound and its mixed impact on regional economies.