Fancy a new Tesla Model 3, but can’t afford the price tag? No problem: you can have it for free – as soon as you hack into the car’s security system.
The car prize is part of Trend Micro’s latest vulnerability research competition, Pwn2Own Vancouver, run by the company’s Zero Day Initiative (ZDI), which aims to find weaknesses and vulnerabilities in software systems.

This year’s contest includes the new automotive category, through a partnership with Tesla, as well as a continued partnership with Microsoft and sponsorship from VMware. Collectively, more than $1-million in cash and prizes is available for researchers through the contest.

Continuing the IoT focus of the recent Pwn2Own Tokyo, which added consumer IoT devices to the contest’s targets, this year’s Pwn2Own Vancouver expands to include a Tesla Model 3, the best-selling luxury vehicle in the US last year, to the target list.

Tesla pioneered the concept of bringing over-the-air software updates to automobiles in 2012, and since then, the company has issued hundreds of over-the-air updates that have made Tesla cars smarter, faster, safer and more enjoyable to drive. Tesla’s involvement in the competition marks a new step in the era of connected devices.

“Since 2007, Pwn2Own has become an industry-leading contest that encourages new areas of vulnerability research on today’s most critical platforms,” says Brian Gorenc, senior director of vulnerability research for Trend Micro. “Over the years we have added new targets and categories to direct research efforts toward areas of growing concern for businesses and consumers.

“This year, we’ve partnered with some of the biggest names in technology to further this commitment and continue driving relevant vulnerability research.”

The partnerships add new platforms to the contest’s well-known list of targets, including virtualisation platforms, enterprise applications, web browsers, and more.

The full list of targets includes: Automotive Category – Tesla Model 3; Virtualisation Category – Oracle VirtualBox; VMware Workstation – VMware ESXi and Microsoft Hyper-V Client; Browser Category – Google Chrome, Microsoft Edge, Apple Safari and Mozilla Firefox; Enterprise Applications Category – Adobe Reader, Microsoft Office 365 and Microsoft Outlook; Server-side Category – Microsoft Windows RDP.

“We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us,” says David Lau, vice-president of vehicle software at Tesla. “Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community.

“We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”