Connect with us

Tech News

Hackers conquer Tesla’s in-car web browser and win a Model 3 – TechCrunch

Published

on

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the most simple terms, a JIT, or just-in-time bug, bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and  featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech News

Instagram Stories links are now available for all accounts

Published

on

Instagram has confirmed that it’s bringing the ability to and links to Stories for all user accounts. When Stories links were first revealed, they were only available for verified accounts or accounts with a certain number of followers. However, Instagram says over the years it has seen that the ability to share links to stories is helpful, so it’s expanding access to everyone.

The Instagram community has been asking for Stories links for everyone to make sharing content with friends and family easier. Links are now available for sharing for everyone with no stipulation on account size. To add links to Stories, users can use the Link sticker.

When people click the sticker, they will be redirected. Adding a Link sticker is easy and starts with capturing or uploading content to the story. Users then select the sticker tool from the navigation bar and tap the Link sticker to add the desired link. Once that is complete, users can place the sticker on their story, and there are variations of the sticker available.

Instagram also says it’s working on customizing the sticker to make it clear what users will see when they tap it. Instagram is also talking about its ongoing effort to keep its community of users safe. To facilitate safety, new accounts and accounts that repeatedly share content, including hate speech or misinformation, as well as anything that violates community guidelines, won’t have access to the Link sticker.

The Link sticker isn’t the only change Instagram has made this month. Previously, Instagram announced that its desktop app was getting photo upload capability. Before adding the capability to upload content from the desktop app, all uploading had to be done from the mobile app. The change was implemented on October 21.

Continue Reading

Tech News

2021 MacBook Pro teardown tease shows what’s on the inside

Published

on

It’s very common for manufacturers like Apple to release new products, and fans always want to know what they look like on the inside. However, the last thing most of us want to do is tear apart our brand-new and expensive gadgets to look. Thankfully, IFIXIT has been gutting new devices for a long time, giving us a look at what’s on the inside without having to trash our own hardware.

Right now, a teardown for the 2021 MacBook Pro is being teased with a few pictures ahead of the full reveal. As you would expect, everything is packed very tightly into the thin and lightweight MacBook Pro notebooks. While there are no real details offered at this time about the hardware inside, we already know what to expect from Apple’s official event.

Apple has fitted its 2021 model notebooks with additional ports. An improved keyboard is integrated that hopefully won’t break if you eat lunch and work at the same time. MagSafe charging is integrated, and Apple ditched the Touch Bar for traditional function keys. The real changes come in new Apple silicon running the show. One interesting tidbit that has been shared from the full teardown is that the battery cells have pull tabs to make them easier to remove and aren’t crammed under a logic board.

We hope that means should your battery go bad down the road; you don’t have to completely disassemble the notebook to install a new one. The four outer cells of the battery have pull tabs similar to those used in the iPhone and MacBook Air. However, we will have to wait for the full teardown to know everything about these batteries and just how easy they are to remove and replace.

The prospect of more DIY friendly component placements should have Mac fans excited. The gang also got their hands on that $20 official Apple polishing cloth, simply called the “Polishing Cloth.” A price of $19 is pretty steep for cloth used to shine the screen of your iPhone, but it has an Apple logo, and that’s enough for some. The cloth feels like Alcantara and appears to be the same material used inside the iPad Smart Cover.

Continue Reading

Tech News

Android apps on Chrome OS will soon behave better with Compatibility mode

Published

on

Although it isn’t exactly the one Google OS to rule them all, Chrome OS has long been able to run both of Google’s preferred platforms and then some. It did take a while before it could properly handle Android apps and, even then, there are still a lot of rough edges thanks to the wide variety and quality of those apps. Years after there have been tablets, many Android apps still live in a phone-only world, but that’s, fortunately, changing with Google’s latest push for big-screen Android devices and, of course, Chromebooks.

Android apps that have been made only with phones in mind behave unpredictably or undesirably on large screens. On tablets, they often force a portrait orientation, which can be awkward and unusable for tablets 10 inches or greater in size. On Chromebooks, the app’s UI gets stretched, delivering a very suboptimal experience.

Some Android apps let windows be resized on Chrome OS, allowing users to select what best works for them. Not all apps support this, however, and it’s often a guessing game that people shouldn’t have to play. With the upcoming Android 12L changes, they won’t have to.

As spotted by Chrome Unboxed last month, Google has been working on a compatibility mode for Android apps on Chrome OS and, apparently, on Android tablets, too. This will add a very conspicuous button in the middle of an Android app’s window title bar, indicating that a certain app’s UI is optimized for a certain form factor. More importantly, this feature automatically resizes an app’s window to make it look and behave better on Chromebooks and even lets users switch between different form options.

This is part of Google’s newly-announced push to support large-screen Android devices, what it calls Android 12L. Ideally, developers would design their apps to support different screen sizes and form factors, including foldables, but this Compatibility Mode at least offers a stop-gap measure for apps that don’t.

Continue Reading

Trending