Tesla partnered again with Zero Day Initiative to join the organization’s Pwn2Own hacking contest this year. Teslarati reported that Tesla is funding the 2023 Pwn2Own hacking competition with compelling prizes, including a Model 3 and a Model S, along with a $600,000 grand prize.
“They always innovate, and we’ve updated our target list to keep up. We’ve added a Steam VM Escape category with multiple targets. It may be a bit strange to be targeting a steam engine on an electric car, but here we are”
“We’ll have both a Tesla Model 3 and a Tesla Model S available as targets, with the top prize going for $600,000 (plus the car itself). Of course, virtualization exploits are always a contest highlight, and VMware returns as a sponsor with VMware Workstation and ESXi returning as targets.”
Zero Day Initiative
Tesla’s previous collaborations with the Pwn2Own contest
Tesla has already partnered with Pwn2Own on this kind of contest in 2019. The automaker offered the Tesla Model 3 to a team of two researchers that succeeded in exploiting its EV system.
In 2020, winning hackers got a Tesla Model 3 and more than $350,000 grand prize, as per Drive Tesla Canada. Last year, winners received a grand award of $75,000 with Model 3 hackings.
This year, the organizers increased the complexity level of the contest.
Tiers of awards
The Zero Day Initiative outlined Tesla’s numerous layers of security for the automotive category. It created multiple award tiers that pertain to some of the cars’ security layers.
Interested contestants can choose between the Model 3 (Intel or Ryzen-based) or the Model S (Ryzen-based) to join the contest.
Interestingly, there are three tiers in the automotive category;
Tier 1 Targets
| Target | Target | Target | Prize Amount | Master of Pwn Points | Additional Prize | Target |
| Initial Vector | Intermediate Pivot | Final Stage | ||||
| Tuner, WiFi, Bluetooth, or Modem | Infotainment | VCSEC, Gateway, or Autopilot | $500,000 USD | 50 | Infotainment Root | Yes |
| Tuner, WiFi, Bluetooth, or Modem | Infotainment | VCSEC, Gateway, or Autopilot | $500,000 USD | 50 | Persistence Add-on | Yes |
| Tuner, WiFi, Bluetooth, or Modem | Infotainment | VCSEC, Gateway, or Autopilot | $500,000 USD | 50 | Autopilot Root Persistence Add-on | Yes |
| Tuner, WiFi, Bluetooth, or Modem | Infotainment | VCSEC, Gateway, or Autopilot | $500,000 USD | 50 | Can Bus Add-on | No |
The contest rules discuss the tiers and their associated prizes in greater detail below:
“Along with the prize money, the first-round winner against an eligible target in this category will win a Tesla Model 3 or comparable vehicle (MSRP $46,990 (USD)) (“Tesla Prize”). If the entry targets a Tesla Model S (Ryzen-based), the Tesla Prize will be a Tesla Model 3. No additional options are included in the vehicle.”
“If the Tesla Prize is not available for whatever reason, Sponsor may substitute the Tesla Prize for (1) an alternate Tesla vehicle of equivalent value, or (2) an amount equal to the current value of the Tesla Prize payable in USD, in Sponsor’s discretion.”
Pwn2Own
How to join?
For those hackers that are interested in joining, you must inform the Zero Day Initiative about the platform and equivalent you selected two weeks before the contest.
This year’s Pwn2Own contest will also be opened for in-person and remote set-up.
The contest will be on March 22-24, 2023, at the Sheraton Wall Center in Vancouver for the CanSecWest conference.
Interestingly, this year’s prizes are reportedly the largest in the contest’s history. That said, contestants must anticipate a highly competitive and complicated challenge, as hacking Tesla EVs is indeed an extreme task.
