Archives

March, 2019

Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers, Richard Zhu and Amat Cama, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the simplest terms, a JIT (just-in-time) bug bypasses the memory randomization that would normally keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are in scope in its bounty program.

‘Shazam!’ is a superhero movie for kids, and that’s a great thing

It’s been a long time since superheroes could be dismissed as mere kid stuff, thanks to stories as intelligent as Black Panther or as disturbing as The Dark Knight or as gleefully inappropriate as Deadpool.

But lost in all the praise over how mature and thoughtful and boundary-pushing these films can be is the fact that, well, superheroes are kid stuff. Most of us first fell in love with these larger-than-life crusaders as children, over comic books or Saturday morning cartoons or family trips to the multiplex.

Wild videos show cruise ship chaos as rough seas prompt an evacuation

Incredible videos shared on Twitter are showing the wild rough seas that have led to the evacuation of 1,300 people from a cruise ship off the coast of Norway. 

The ship, Viking Cruise’s “Viking Sky,” sent a distress signal Saturday afternoon local time, reporting “engine problems in bad weather,” according to CNN. And videos from both inside the cruise ship and from the shore show how bad the seas are. 

The BBC reports that at least one of the ship’s engines was successfully restarted, enabling the Viking Sky to move a bit further from the rocky shore. Not surprisingly, the BBC also notes, “The area is known as the Hustadvika and is reportedly one of the most dangerous stretches of Norway’s coast.”
