We're not sure if this is good or bad publicity.
Tesla has been running a bug bounty program for the past four years where it actually rewards hackers who expose vulnerabilities in its vehicles’ software systems. The carmaker took things a step further this year after participating in a Pwn2Own hacking event in Vancouver, run by Trend Micro’s Zero Day Initiative (ZDI).
According to the report by Elektrek, the prize for the hackers that managed to crack a Tesla Model 3 was the car itself. Despite such a lucrative prize at stake, it still took the winning team until the very last day of the competition to take control of the Model 3’s systems.
David Lau, Vice President of Vehicle Software at Tesla, commented on their effort: "We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us.” Amat Cama and Richard Zhu of team Fluoroacetate won the competition by using a ‘JIT bug in the renderer’ to take control of the system. We have no clue what any of that means, but the end result is that your Model 3 will now be that much safer to any potential hacking attempts.
Lau went on to say that since launching their bug bounty program in 2014 – the first to include a connected consumer vehicle – they have continuously increased their investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community.
"We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.” The automaker recently increased maximum payout per reported bug to $15,000 (up from $10,000) in 2018, saying that it will not void a vehicle warranty when a vehicle is hacked for "pre-approved good faith security research."
So before you go trying to claim your bug payout be sure to read Tesla’s responsible disclosure guidelines.