Connect with us

Tech News

Hackers conquer Tesla’s in-car web browser and win a Model 3 – TechCrunch

Published

on

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the most simple terms, a JIT, or just-in-time bug, bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and  featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech News

Bose SoundControl Hearing Aids don’t need a prescription

Published

on

As always, it seems that technological innovations are coming full circle. The quality and conveniences of wireless audio made their way from earphones to hearing aids a few years back and now advancements in ear care are coming to consumer audio accessories. Bose, a name renowned for its audio technology, is taking advantage of that cycle and is launching the SoundControl Hearing Aid, its first stab at such a product but one that doesn’t need a doctor’s appointment to acquire.

There have been a handful of new devices that have come up in the past two or so years that aim to revolutionize the hearing aid market. Many of these seem to have taken cues from modern wireless earbuds in terms of the conveniences offered by smartphones, Bluetooth audio, and the like. One thing that these hearing aids have over your consumer wireless earbuds is the accuracy and personalization of settings to each person’s unique hearing profiles, something that Bose is now trying to address.

These hearing aids are, of course, considered medical devices more than consumer products and their precision and advanced features come at more than the cost of the device itself. They often need a doctor’s prescription or at least a checkup, something that is more than just inconvenient these days. Some hearing aid companies have started to adopt remote or virtual doctor’s appointments but Bose does away with even that.

That’s what makes the Bose SoundControl Hearing Aids special because they have been FDA-approved to be sold directly to consumers, no need for professional advice. That said, Bose’s Hear app, designed especially for this device, does offer the opportunity to have a one-on-one appointment with product experts for free. Given the price tag of this thing, it’s not exactly too generous an offer.

The Bose SoundControl Hearing Aids are lightweight and practically invisible, with the main electronics hiding behind your ears, out of sight. In just 30 minutes, you can set up your personal settings in the Bose Hear app without fiddling with confusing controls or even asking a doctor. Users will also be able to choose between Focusing on certain voices or letting sound in from Everywhere. A pair does cost a hefty $850, though, but it might still be a fraction of the total expenses for a formal hearing aid, not to mention a doctor’s fee.

Continue Reading

Tech News

OnePlus 7 and 7T Android 11 update is reportedly very buggy

Published

on

OnePlus has been making great strides and making big promises regarding its Android updates but it might need a bit more work when it comes to the quality of those updates. Though fortunately not the norm, OnePlus has been known to have pushed updates with rather notable issues, some of them worse than others. That is the unfortunate experience that OnePlus 7 and OnePlus 7T owners are reportedly having after the Android 11 and OxygenOS 11 upgrade brought not only new features but also bugs that remain unfixed more than a month later.

OnePlus has had rather problematic upgrades but it seems that the OxygenOS 11 update, which also brings Android 11, is taking the cake. There have been reports about problems with the latest update across many of OnePlus’ phones, including the OnePlus Nord, but owners of the company’s 2019 models are the ones that seem to have gotten the short end of the stick.

A growing number of complaints on Reddit as well as OnePlus’s own forums reveal the rather unfavorable situation regarding the update. Those complaints are all over the place, from greater battery drain to dropped frames that could affect mobile gaming. There are also worrying reports of overheating, at least more than usual, which could raise red flags when it comes to safety.

Given the wide range of issues, there is no single known source of the problem other than the Android 11 update. Of course, other phones on Android 11 don’t report such problems and OnePlus users are quick to blame OxygenOS 11 as the real culprit. It doesn’t help that this version of OnePlus’s custom Android experience isn’t exactly that popular because of the heavy changes that the company made.

OnePlus already pushed a minor update to these phones but it doesn’t seem to have addressed the problems to users’ satisfaction. Unfortunately, the only way to get around the problem is to downgrade back to Android 10, which is also impractical for many OnePlus 7 and 7T owners.

Continue Reading

Tech News

Windows Holographic 21H1 update brings major new features to HoloLens

Published

on

Windows 10’s first major feature update of the year is already being prepared for rollout but it seems that the HoloLens 2 is getting dibs on its own major update before PCs. In fact, this update might be even more feature-packed than Windows 10’s May 2021 update itself. Windows Holographic version 21H1 is now available for download and it finally brings Microsoft’s better version of its Edge web browser, the one based on Google Chromium, of course.

Microsoft has been pushing its Chromium-based Edge rather aggressively wherever it can, replacing the old edgeHTML version as if it never existed. It isn’t just on PCs, of course, and even its mixed reality platform is getting the new Microsoft Edge web browser. And it isn’t just about having a shiny, modern web browser either.

The new Edge also enables WebXR experiences that the older web engine couldn’t support. Perhaps more importantly, it also allows PWAs or Progressive Web Apps to be installed alongside proper Windows apps from the Microsoft Store. Microsoft has also been pushing these web apps hard in an attempt to fill in the gaps left by its UWP platform.

Windows Holographic version 21H1 also pushes some changes to the operating system’s settings UI. One very notable change is the power menu that now behaves and looks more similar to the ones you see in Windows 10 on desktops. That includes the orange dots that indicate an update will occur when you restart or shut down the device.

The upgrade also makes handling multiple users less painful, now showing a list of users on the login screen to save you from typing user names over and over again. For devices in Kiosk mode, visitors can also be automatically logged in, though that default behavior can also be turned off by the device administrator. Windows Holographic 21H1 is available for the HoloLens 2 and also marks the end of support for the old version 1903 from two years ago.

Continue Reading

Trending