A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.
Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.
The pair of hackers, Richard Zhu and Amat Cama, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.
The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the simplest terms, a JIT, or just-in-time, bug is a flaw in the browser’s just-in-time compiler that can be used to bypass the memory randomization that would normally keep secrets protected.
Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.
“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”
Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.
Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.
Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.
Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are in scope in its bounty program.
Instagram Stories links are now available for all accounts
Instagram has confirmed that it’s bringing the ability to add links to Stories to all user accounts. When Stories links were first revealed, they were only available for verified accounts or accounts with a certain number of followers. However, Instagram says over the years it has seen that the ability to share links to stories is helpful, so it’s expanding access to everyone.
The Instagram community has been asking for Stories links for everyone to make sharing content with friends and family easier. Links are now available for sharing for everyone with no stipulation on account size. To add links to Stories, users can use the Link sticker.
When people click the sticker, they will be redirected. Adding a Link sticker is easy and starts with capturing or uploading content to the story. Users then select the sticker tool from the navigation bar and tap the Link sticker to add the desired link. Once that is complete, users can place the sticker on their story, and there are variations of the sticker available.
Instagram also says it’s working on customizing the sticker to make it clear what users will see when they tap it. Instagram is also talking about its ongoing effort to keep its community of users safe. To facilitate safety, new accounts and accounts that repeatedly share content, including hate speech or misinformation, as well as anything that violates community guidelines, won’t have access to the Link sticker.
The Link sticker isn’t the only change Instagram has made this month. Previously, Instagram announced that its desktop app was getting photo upload capability. Before adding the capability to upload content from the desktop app, all uploading had to be done from the mobile app. The change was implemented on October 21.
2021 MacBook Pro teardown tease shows what’s on the inside
It’s very common for manufacturers like Apple to release new products, and fans always want to know what they look like on the inside. However, the last thing most of us want to do is tear apart our brand-new and expensive gadgets to look. Thankfully, iFixit has been gutting new devices for a long time, giving us a look at what’s on the inside without having to trash our own hardware.
Right now, a teardown for the 2021 MacBook Pro is being teased with a few pictures ahead of the full reveal. As you would expect, everything is packed very tightly into the thin and lightweight MacBook Pro notebooks. While there are no real details offered at this time about the hardware inside, we already know what to expect from Apple’s official event.
Apple has fitted its 2021 model notebooks with additional ports. An improved keyboard is integrated that hopefully won’t break if you eat lunch and work at the same time. MagSafe charging is integrated, and Apple ditched the Touch Bar for traditional function keys. The real changes come in new Apple silicon running the show. One interesting tidbit that has been shared from the full teardown is that the battery cells have pull tabs to make them easier to remove and aren’t crammed under a logic board.
We hope that means that, should your battery go bad down the road, you don’t have to completely disassemble the notebook to install a new one. The four outer cells of the battery have pull tabs similar to those used in the iPhone and MacBook Air. However, we will have to wait for the full teardown to know everything about these batteries and just how easy they are to remove and replace.
The prospect of more DIY friendly component placements should have Mac fans excited. The gang also got their hands on that $20 official Apple polishing cloth, simply called the “Polishing Cloth.” A price of $19 is pretty steep for cloth used to shine the screen of your iPhone, but it has an Apple logo, and that’s enough for some. The cloth feels like Alcantara and appears to be the same material used inside the iPad Smart Cover.
Android apps on Chrome OS will soon behave better with Compatibility mode
Although it isn’t exactly the one Google OS to rule them all, Chrome OS has long been able to run both of Google’s preferred platforms and then some. It did take a while before it could properly handle Android apps and, even then, there are still a lot of rough edges thanks to the wide variety and quality of those apps. Years after there have been tablets, many Android apps still live in a phone-only world, but that’s, fortunately, changing with Google’s latest push for big-screen Android devices and, of course, Chromebooks.
Android apps that have been made only with phones in mind behave unpredictably or undesirably on large screens. On tablets, they often force a portrait orientation, which can be awkward and unusable for tablets 10 inches or greater in size. On Chromebooks, the app’s UI gets stretched, delivering a very suboptimal experience.
Some Android apps let windows be resized on Chrome OS, allowing users to select what best works for them. Not all apps support this, however, and it’s often a guessing game that people shouldn’t have to play. With the upcoming Android 12L changes, they won’t have to.
As spotted by Chrome Unboxed last month, Google has been working on a compatibility mode for Android apps on Chrome OS and, apparently, on Android tablets, too. This will add a very conspicuous button in the middle of an Android app’s window title bar, indicating that a certain app’s UI is optimized for a certain form factor. More importantly, this feature automatically resizes an app’s window to make it look and behave better on Chromebooks and even lets users switch between different form options.
This is part of Google’s newly-announced push to support large-screen Android devices, what it calls Android 12L. Ideally, developers would design their apps to support different screen sizes and form factors, including foldables, but this Compatibility Mode at least offers a stop-gap measure for apps that don’t.