Written by Kirsten Korosec

Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the simplest terms, a JIT (just-in-time compiler) bug is a flaw in the part of a browser’s JavaScript engine that compiles scripts into machine code on the fly; such a flaw can be used to get around memory randomization, a protection that normally keeps the layout of the browser’s memory hidden from an attacker.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are in scope in its bounty program.

How Nuro plans to spend SoftBank’s $940 million

Autonomous delivery startup Nuro is bursting with ideas since SoftBank invested nearly $1 billion in February, new filings reveal.

A recent patent application details how its R1 self-driving vehicle could carry smaller robots to cross lawns or climb stairs to drop off packages. The company has even taken the step of trademarking the name “Fido” for delivery services.

“We think there’s something neat about that name,” Nuro founder Dave Ferguson told TechCrunch. “It’s friendly, neighborly and embodies the spirit of a helper that brings you things. It wasn’t intended to extend towards literal robot dogs, although some of the legged platforms that others are building could be very interesting for this last 10-foot problem.”

Another section of Nuro’s patent shows the R1 delivering piping hot pizza and beverages, prepared en route in automated kitchens.

“We tried to build a lot of flexibility into the R1’s compartment so we could serve all the applications that people will be able to think of,” Ferguson said. “A coffee machine is actually a pretty good one. If you go to your local barista, those machines are incredibly expensive. Amortizing them over an entire neighborhood makes sense.”

As automated technologies mature, companies are focusing less on simply getting around and more on how services will connect with actual customers. Delivering goods instead of passengers also means fewer regulations to navigate.

That opportunity has prompted a number of companies, including e-commerce and logistics giant Amazon, FedEx, and numerous startups to explore autonomous delivery. At CES this year, Continental unveiled a prototype dog-shaped robot for last-yard deliveries, while Amazon has unveiled a sidewalk robot called Scout that is already delivering packages to homes.

The first company to scale automated driving and delivery could start building revenue while those aiming for autonomous taxis are stuck in a maze of laws, safety concerns and consumer skepticism.

Origin story

SoftBank’s capital allows Nuro’s founders to run with their many ideas. But even in the company’s earliest days, they benefited from an early injection of cash.

Nuro was founded in June 2016 by Ferguson and another former Google engineer, Jiajun Zhu, after they received multi-million dollar payouts from the company’s infamous Chauffeur bonus plan. Chauffeur bonuses were intended to incentivize engineers who stuck with Google’s self-driving car project. However, the plan’s structure meant that anyone who left after the first payout in 2015 would also receive a large lump sum.

Lead engineer Anthony Levandowski appears to have earned over $125 million from the plan. He used some of the money to start Otto, a self-driving truck company that was acquired by Uber and subsequently became the focus of an epic patent and trade secrets theft lawsuit.

Court filings from that case suggest that Ferguson and Zhu received around $40 million each, although Ferguson would not confirm this. (Another Chauffeur alum, Russell Smith, got a smaller payout and quickly joined Nuro as its hardware lead).

Nuro completed its first Series A funding round in China just three months later, in a previously unreported deal that gave NetEase founder Ding Lei (aka William Ding) a seat on Nuro’s board. Ding was China’s first Internet and gaming billionaire, and was reportedly once the wealthiest person in China. However, his business empire, which spans e-commerce, education and pig farming, recently laid off large numbers of staff.

“William has been a board member and a strong supporter from the very start. But he’s not directing company decisions,” says Ferguson.

A second, U.S.-based round in June 2017 raised Nuro’s total Series A funding to $92 million.

A Nuro spinout

Nuro started pilot grocery deliveries last summer with a Kroger supermarket affiliate in the Phoenix suburb of Scottsdale. The pilot initially used modified Toyota Prius sedans and transitioned in December to its R1 vehicle. “We’re super excited about the application area,” says Ferguson. “87 percent of commerce is still local and 43 percent of all personal vehicle trips in the U.S. are for shopping and running errands.”

Meanwhile, Uber’s self-driving truck program, which had begun with the acquisition of Otto, was on its last legs. Although the program was not publicly canned until July 2018, many of its key personnel left in May. The LinkedIn profiles of engineers Jur van den Berg, Nancy Sun and Alden Woodrow show them going straight from Uber to found Ike, another self-driving truck startup, the same month.

When Ike came out of stealth mode in October, Nuro characterized its relationship with the new company as a partnership, where “we gave Ike a copy of our autonomy and infrastructure software and, in exchange, Nuro got an equity stake in Ike.”

In reality, Ike was more of a spinout. California and Delaware business records show that Ike was not incorporated until July, and shared office space with Nuro until at least the beginning of September. Ike’s founding engineers actually worked at Nuro after leaving Uber. Van den Berg can even be seen in a Nuro team photo that was shot in June and reproduced in Nuro’s Safety Report, wearing a Nuro T-shirt.

Ferguson confirmed that all three Ike founders had worked at Nuro before starting Ike.

“We are always looking for opportunities where the tech that we’ve built could help,” Ferguson said. “Trucking was a really good example, but we recognized that as a company, we couldn’t spread ourselves too thin. It made sense for both sides for the Ike co-founders to build their own independent company.”

Ike CEO Woodrow told TechCrunch recently that it’s using Nuro’s hardware designs and autonomous software, as well as data logging, maps and simulation systems. It raised $52 million in its own Series A in February.

Not to be outdone, Nuro quickly followed with an announcement of a $940 million investment by the SoftBank Vision Fund, in exchange for what Ferguson calls a “very, very significant ownership stake.” Nuro had been introduced to SoftBank after talks with Cruise fell through.

Thousands of bots

Apart from robotic dogs, what does the future hold for a newly cash-rich Nuro?

“We’re very excited about the Scottsdale pilot, but it’s basically one grocery store in one ZIP code,” says Ferguson. Shortly after our interview, Nuro announced that it would be expanding its delivery service to four more ZIP codes in Houston, Texas.

“Next year and onwards, we want to start to realize the potential of what we’re building to eventually service millions of people,” Ferguson said. “We’re aggressively expanding the number of partners we’re working with and we’re working on how we manufacture a vehicle at a large scale.”

Nuro will likely partner with an established auto OEM to build a fleet of what Ferguson hopes will become tens or hundreds of thousands of driverless vehicles. Last week, it petitioned the National Highway Traffic Safety Administration (NHTSA) for exemptions to safety standards that do not make sense for a driverless vehicle – like having to install a windshield or rearview mirrors.

Nuro told NHTSA that it wants to introduce up to 5,000 upgraded vehicles called the R2X over the next two years. The electric vehicles would have a top speed of 25 miles per hour and appear very similar to the R1 prototype operating in Arizona and Texas today. The R2X will have 12 high-def cameras, radars, and a top-mounted LiDAR sensor. Nuro said it would not sell the vehicle but “own and centrally operate the entire fleet of R2Xs through partnerships with local businesses.”

“Providing services is also very expensive,” Ferguson explained. “Look at Uber or Lyft. As we scale up to the population we’re trying to serve and the number of verticals we’re looking at, it requires capital to operate until we’re profitable, which will not happen this year.”

Elon Musk defends tweets in SEC’s contempt proceedings

Tesla CEO Elon Musk argued Friday that his Twitter use did not violate a settlement agreement with the U.S. Securities and Exchange Commission and that the agency’s request to have him held in contempt is based on a “radical interpretation” of the order, according to court papers filed in Manhattan federal court.

The SEC has asked a judge to hold Musk in contempt for violating a settlement agreement reached last year over Musk’s now infamous “funding secured” tweet. Under that agreement, Musk is supposed to get approval from Tesla’s board before communicating potentially material information to investors.

Musk contends he didn’t violate the agreement and that the problem lies in the SEC’s interpretation, which he describes as “virtually wrong at every level.” The filing also reveals new details about the settlement negotiations, notably that the SEC sent Musk a draft agreement that would have required him to obtain pre-approval for all public statements related to Tesla, in any format.

Musk and Tesla never agreed to those terms. Instead, Musk says the agreement requires him to comply with Tesla’s own policy, which would require pre-approval for “written communications that contain, or reasonably could contain, information material to the company or its shareholders.”

The barbs traded via court filings are the latest in an escalating fight between the billionaire entrepreneur and the SEC that began last August when Musk tweeted that he had “funding secured” for a private takeover of the company at $420 per share. The SEC filed a complaint in federal district court in September alleging that Musk lied.

Musk and Tesla settled with the SEC last year without admitting wrongdoing. Tesla agreed to pay a $20 million fine; Musk had to agree to step down as Tesla chairman for a period of at least three years; the company had to appoint two independent directors to the board; and Tesla was also told to put in place a way to monitor Musk’s statements to the public about the company, including via Twitter.

But the fight was re-ignited last month after Musk sent a tweet on February 19 that Tesla would produce “around” 500,000 cars this year, correcting himself hours later to clarify that he meant the company would be producing at an annualized rate of 500,000 vehicles by year end.

The SEC argued that the tweet sent by Musk violated their agreement. Musk has said the tweet was “immaterial” and complied with the settlement.