It was a successful hackathon for Senegalese cyber security consultant and researcher, Amat Cama, who won a total of $375,000 in cash for exposing bugs in the Tesla Model 3 car and other products in Vancouver, Canada.
Together with his teammate, Richard Zhu, Team Fluoroacetate – as they called themselves – was the only one to sign up for the first-ever automotive hacking at the Pwn2Own hacking competition held in March during the CanSecWest 2019 security conference.
They targeted Tesla’s infotainment system which had the smallest reward and managed to display a message on the car’s web browser by exploiting a just-in-time (JIT) bug in the renderer component.
This fete earned them $35,000 and a Tesla. They won the extra $340,000 by exploiting vulnerabilities in Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.
Amat Cama and teammate were crowned Master of the Pwn for 2019 and they won the largest share of the $900,000 on offer by the organizers, Zero Day Initiative (ZDI), who paid $545,000 during the entire event for 19 bugs.
All the vulnerabilities exploited have been reported to vendors who have been given 90 days to release patches before Zero Day Initiative (ZDI) can disclose details of the most interesting vulnerabilities.
Amat Cama, popularly known as Acez, is an alumnus of Northeastern University in Boston where he graduated with a Bachelor of Science in Mathematics and Computer Science in 2014. He has worked with several cybersecurity firms in the United States including VSR and Qualcomm as a Security Engineer.
It all started in Dakar, Senegal for Cama who attended the Enko Waca International School (formerly West African College of the Atlantic) – a bilingual, secular and mixed institution that opened in 1996 in Ouakam. He studied Physics, Mathematics, Economics, French, English and Spanish and then graduated in 2010 with an International Baccalaureate.
In Dakar, he taught children at the S.O.S Kids’ Village and Talibou Dabo Center before getting admission to the Northeastern University where he was a member of the Cyber Defense Team and the Capture the Flag (CTF) Team. CTF is a computer security competition designed to attack and defend computer systems.
The avid CTF player was part of the Shellphish CTF team that took part in the DARPA Cyber Grand Challenge as well as a number of other competitions.
Amat Cama moved to Beijing City in 2017 after leaving Qualcomm to take up the job of Senior Security Researcher at the Beijing Chaitin Technology Co., Ltd. He left after eight months to work as an independent security researcher and consultant with an immense interest in hacking contests which are very lucrative.
The certified offensive security wireless professional with sharp reverse engineering, penetration testing and programming skills has won several awards in contests including the 2016 Hall of Fame prize at Geekpwn Shanghai for his demo of a remote exploit against the Valve Source engine.
In 2017, he successfully demonstrated a baseband exploit against the Samsung Galaxy S8 at Mobile Pwn2Own in Tokyo as an individual contestant. In the 2018 Pwn2Own contest in Tokyo, Amat Cama and his teammate were crowned Master of Pwn after winning over $200,000.
In total, he has won 19 awards and honours in competitions since 2011 with total cash rewards of over a million dollars. Cama is also a licensed private pilot.
