The Pwn2Own conference has been taking place each year over the past decade, giving talented folks an opportunity to show off their skills when it comes to discovering and exploiting security vulnerabilities. What makes Pwn2Own a little different from other conferences is that not only does it offer cash prizes as rewards, but also the compromised devices themselves as bounty.
At the top of the year, Tesla announced that it would be participating in Pwn2Own, “sacrificing” a Model 3, giving participants a chance to take home a vehicle of their very own. Now that the conference is over, a duo has emerged victorious, taking home the car and a separate $35,000 reward. Amat Cama and Richard Zhu, who combine to form Fluoroacetate, used a JIT bug in the car’s browser renderer to make the feat possible. Fluoroacetate was also able to take home prizes from other events, with their total haul coming in at $375,000.
Many companies offer bug bounty programs that allow researchers to discover and submit their work. Tesla does the same, using Bugcrowd to reward people, giving anywhere from $100 to $15,000 USD per successful submission. Although the conference has now ended and participants will be able to head home with their hard-earned bounties, the work never stops. If you have the knowledge, you too can claim prizes by checking to see if your favorite software or hardware company offers a bounty program.