Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers, Richard Zhu and Amat Cama, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the simplest terms, a JIT, or just-in-time, bug bypasses the memory randomization that would normally keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are in scope in its bounty program.

‘Shazam!’ is a superhero movie for kids, and that’s a great thing

It’s been a long time since superheroes could be dismissed as mere kid stuff, thanks to stories as intelligent as Black Panther or as disturbing as The Dark Knight or as gleefully inappropriate as Deadpool.

But lost in all the praise over how mature and thoughtful and boundary-pushing these films can be is the fact that, well, superheroes are kid stuff. Most of us first fell in love with these larger-than-life crusaders as children, over comic books or Saturday morning cartoons or family trips to the multiplex.

Wild videos show cruise ship chaos as rough seas prompt an evacuation

Incredible videos shared on Twitter are showing the wild rough seas that have led to the evacuation of 1,300 people from a cruise ship off the coast of Norway. 

The ship, Viking Cruise’s “Viking Sky,” sent a distress signal Saturday afternoon local time, reporting “engine problems in bad weather,” according to CNN. And videos from both inside the cruise ship and from the shore show how bad the seas are. 

The BBC reports that at least one of the ship’s engines was successfully restarted, enabling the Viking Sky to move a bit further from the rocky shore. Not surprisingly, the BBC also notes, “The area is known as the Hustadvika and is reportedly one of the most dangerous stretches of Norway’s coast.”

Hashtag about a world without Twitter is trending… on Twitter

If we’re being honest, tweeting about what the world would be like without Twitter is peak 2019. And, yet, here we are, with #InAWorldWithoutTwitter trending on an early Spring Saturday.

The tweets are a mix of genuine sentiment and jokes, yet most of them hold a grain of truth and reveal the best and worst of Twitter as a platform.

#InAWorldWithNoTwitter we’d have no covfefe
No hamberders
No smocking guns
No unpresidented
No Scott Free
No wire tapp
No Melanie
No Councel

But we’d still have Tim Apple pic.twitter.com/aDz8B4k5Qz

— BrooklynDad_Defiant! (@mmpadellan) March 23, 2019

People would use there, there or they’re incorrectly their entire lives #InAWorldWithNoTwitter

— Jesse Lifson (@DoYouEvenLIf) March 23, 2019

Reporter used spit to fix hair and Twitter can’t handle it

Pity the remote reporter who has no control when the feed goes live and catches him or her in a vulnerable moment.

This happened to NBC’s Matt Bradley, who was broadcasting a live spot from Syria about the fight against ISIS. When the feed switched over, unbeknownst to Bradley, viewers got a full dose of the reporter using his spit to fix his hair.

Oh man, poor Bradley. Plenty of us have done something similar before in a moment of desperation, but we weren’t caught doing it on national cable television. Sure enough, Twitter responded to video of the moment with shock.

pic.twitter.com/jAmwuA0mfu

— Scooter Phoenix (@ScooterPhoenix) March 22, 2019
