Tesla to Give a Model 3 to Whoever Hacks Its Car

In a major step in its bug bounty program, Tesla offers to give a Model 3 to anyone who can hack the Model 3’s software.

In a major escalation in its bug bounty program, Tesla is offering a free Model 3 to anyone who can hack their car at Trend Micro’s Zero Day Initiative’s upcoming hacking contest, Pwn2Own.

Humble Beginnings of the Bug Bounty Programs

If you haven’t heard of a bug bounty program, you might be wondering why Tesla is rewarding someone to break into their software.

Bug Bounties run on the principle that no one is better at securing your home than a professional burglar; likewise, hackers are enlisted to expose software vulnerabilities in exchange for a reward.

Advertisement

Companies can learn ahead of time where their software is susceptible to attack; they can crowd-source their security testing to tens of thousands of amateur and professional IT security people. 

Advertisement

And they only have to pay for successful hacks—saving an enormous amount of money on testing—, and contests like these play into the satisfaction so-called whitehat hackers get from breaking into software in a constructive way.

Advertisement

The first bug bounty was offered by Netscape back in 1995, who said, “By rewarding users for quickly identifying and reporting bugs back to us, this program will encourage an extensive, open review of Netscape Navigator 2.0 and will help us to continue to create products of the highest quality.”

Advertisement
Software Bug
Source: Pixabay

Other vendors were slow to adopt the unorthodox model and for years the idea of bug bounties failed to catch on while software vulnerabilities remained unaddressed.

Advertisement

Vehicles

What Is Car Hacking and What Can You Do to Prevent It ?

Over time, however, companies began to catch on. Whitehats continued to report vulnerabilities in large enterprise software. Conferences such as DefCon worked to educate software companies about the need for such programs and soon these companies began to listen.

Advertisement

In 2004, Mozilla Firefox began offering $500 for whitehats who found critical security flaws in their browser.

Advertisement

Another big breakthrough came in 2007, with the introduction of the Pwn2Own contest, which originally set out to identify security vulnerabilities in the macOS X operating system as a way to wake up Apple to the need for better security measures.

The popularity of these contests began to wake up industry titans to their utility.

In 2010, Google announced its own security vulnerability program for its web applications and Facebook followed a year later with its whitehat program, offering a minimum $500 reward for vulnerabilities reported to the company and no maximum limit on the reward offered. The program is still going, having paid out more than $2 million so far.

Tesla Ups the Ante at Pwn2Own

Tesla’s four year old bug bounty program is already a huge success. Tesla has a very generous payout structure already, with its maximum reward per reported vulnerability being $15,000, and they’ve payed out hundreds of thousands of dollars in bounties so far.

What’s more, they’ve encouraged people to dig into their systems for weaknesses, reporting that hacking Tesla’s system—if done for legal bug bounty purposes—will not void the warranty on your car.

Giving away a Model 3 seems like the next logical step for the automaker. By dedicating itself to ensuring the safest possible system in their Model 3’s, Tesla’s Pwn2Own participation and reward of a Model 3 to the winner, will only make the Model 3—and everyone else on the road with them—safer as a result.

Advertisement