Tesla
- $100 – $100,000 per vulnerability
NEW REWARDS section on the brief - Vehicle Targets being paid up to $100k!
We hope your testing is going well. Here is an update that should make things a bit more interesting! There have been some updates to the brief to incentivize testing against vehicle targets.
Here are the details that have been updated on the brief:
Critical ($50,000 - $100,000)
- Remote zero-click to unconfined root on infotainment
- Any remote code execution on a CAN-connected ECU, e.g. Autopilot, VCSEC, Gateway
- Infotainment pivot to CAN-connected ECU, e.g. Autopilot, VCSEC, Gateway
High ($20,000 - $50,000)
- Remote one-click to unconfined root on infotainment
- Unconfined root persistence on infotainment or Autopilot
- Remote zero-click on lower-privileged peripherals (WiFi/BT firmware, baseband)
- Local privilege escalation from unprivileged process
Moderate ($10,000 - $20,000)
- Unprivileged remote code execution on infotainment
- Unconfined root on infotainment or Autopilot via Ethernet
- Unconfined root on infotainment or Autopilot via USB
- Zero-click radio module remote code execution
- Steam VM escape
Low ($500 - $10,000)
- Unprivileged persistence on infotainment or Autopilot
- Local drive authentication bypass
- PIN-to-Drive bypass
We do not award bounties for:
- Relay attacks
- Hardware-based glitching and side-channel attacks
- Confusing Autopilot by modifying the environment, such as adding lines to the road (CWE-XKCD-1958 attacks)
- Tesla-specific known issues (e.g., publicly reported or previously reported by another researcher)
- Chromium and/or WebKit bugs, unless chained with a full sandbox escape
- Persistence and/or secure boot bypasses on Tegra-based infotainment systems
- Attacks that require physical access on Tegra-based infotainment systems
Payout Factors
- If a vulnerability affects multiple systems (e.g. via shared code), the bounty will be determined by the highest single applicable amount, with a bonus determined at Tesla's discretion
- The bounty amount may be reduced if the attack is unreliable, relies on unusual conditions being met, etc.
- A working proof-of-concept will help ensure you receive the maximum applicable payout for your report
- Internal duplicates that are not yet fixed will still be rewarded at a reduced amount
- Vulnerabilities affecting Tegra-based infotainment systems are rewarded at Tesla's discretion, along with a reduced payout
- Superchargers and related infrastructure are out of scope
If there are any questions, please contact support@bugcrowd.com