Pwn2Own Competitors Crack Tesla, Firefox, Safari, Microsoft Edge, and Windows 10

A research duo who hacked a Tesla were the big winners at the annual Pwn2Own white hat security contest, reports ZDNet. “The duo earned $375,000 in prize money, of the total of $545,000 awarded during the whole three-day competition… They also get to keep the car.” Team Fluoroacetate — made up of Amat Cama and Richard Zhu — hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car’s firmware and show a message on its entertainment system… Besides keeping the car, they also received a $35,000 reward. “In the coming days we will release a software update that addresses this research,” a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability.

Not coincidentally, Team Fluoroacetate also won the three-day contest after earning 36 “Master of Pwn” points for successful exploits in Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10… [R]esearchers also exploited vulnerabilities in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.