Sunday, February 9, 2025
HomeComputer SecurityPwn2Own 2019 - Tesla Car Internet Browser Hacked - Hackers Won the...

Pwn2Own 2019 – Tesla Car Internet Browser Hacked – Hackers Won the Car & $545,000 in Total – Day 3

Published on

SIEM as a Service

Follow Us on Google News

First and the second-day contest ended up with a various successful attempt to exploit the different bugs in multiple software vendors including, Microsoft, VMware, Oracle and Apple.

In Pwn2Own 2019 final day, Zero Day Initiative introduced the Tesla car in automotive category and the Fluoroacetate team made an attempt to exploit the Tesla Model 3 internet browser.

Tesla offers the prizes range from $35,000 to $300,000 depending on a variety of factors including the exploit used.

Finally, Fluoroacetate team used a JIT bug and exploit the browser let displays their message remotely from their system.

In this case, Successfully demonstration reward $35,000, Of course, they also get the car which they exploited.

Fluoroacetate team of Richard Zhu and Amat Cama earned them $375,000, laptops and a car over the contest and resulted in 36 Master of Pwn points.

Another team Team KunnaPwn who have registered in the automotive category withdrew their entry, Although they didn’t demonstrate any of their research at this contest.

According to ZDI, “Overall, the three days of Pwn2Own Vancouver 2019 have been a great success. We have awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and – in its inaugural year – the Tesla infotainment system. “

In this case, all the exploited zero-day report will be notified to respective vendors and now have 90 days to produce security patches to address the issues we reported. ZDI said.

Also, you can take this online Course Bundle to learnMastery Web Hacking & Bug Bounty

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

CryptoDNA: AI-Powered Cryptojacking Defense Against DDoS Threats in Healthcare IoT

The integration of Internet of Things (IoT) and Internet of Medical (IoM) devices has...

Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used...