By May 11, 2019

Look Who Took Home USD 375 K And A Tesla Model 3 For Hacking The Tesla, Microsoft, And Firefox

From Dakar, Senegal comes the tale of a super-talented cybergeek who’s probably on the radar of every tech company from here to Silicon Valley, and for an unusual reason too.

We’ve grown used to celebrating folks who worked their way into our consciousness for building stuff, but here’s one who’s making a name for himself by being so good at tearing stuff down.

The name’s Amat Cama and he’s not your average “tech hero.” In fact, he’s more of a ‘tech villain’ – good thing tech companies fuss over the ‘bad guys’ even more than they are crazy about the ‘regular good guys.’

Amat Cama
Source: hof.geekpwn.org

But this bloke from Senegal is not exactly a bad guy; at least, not in the way it’s depicted in some of those Hollywood films. He breaks down defenses, encroaches into systems that are supposed to be ‘iron clad’ or ‘foolproof,’ and carts away useful information, but for a good cause.

This is not the case of an ‘internet desperado’ maliciously cracking cyber systems so as to wreak havoc. It’s more like a genius hacker identifying holes and backdoors in systems that are supposed to be impregnable fortresses so that those holes can be plugged, lest some other person who is just as skilled, though with less noble intentions, have a field day ruining things.

In March this year, the CanSecWest Security Conference took place in Vancouver, Canada. The event featured a Pwn2Own hacking competition during which the first-ever automotive hacking contest took centre stage.

By the time the competition was over, Team Fluoroacetate, the team of Amat Cama and his colleague Richard Zhu, had helped themselves to cash prizes totaling USD 375 K and a Tesla. And guess why? For basically showing big tech firms just how vulnerable their systems are!

Richard Zhu and Amat Cama (Team Fluoroacetate) at the 2019 conference in Canada
Source: thisisafrica.me

First, Amat Cama and his colleague exposed bugs in the Tesla Model 3. They attacked the vehicle’s infotainment system and managed to gain entry, even displaying a message on the car’s web browser by exploiting a just-in-time (JIT) bug in the renderer component.

For their effort, they were rewarded with USD 35 K and a Tesla. The duo made up the cash rewards to USD 375 K by earning an extra USD 340 K as the reward for exploiting vulnerabilities in Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.

One of the Prizes won – A Tesla Model 3
Source: face2faceafrica.com

It was indeed a successful hackathon for the Senegalese cybersecurity consultant and researcher whose journey began on a humble note in Dakar, Senegal, where he first proved his academic prowess at Enko Waca International School (formerly West African College of the Atlantic), graduating with an International Baccalaureate in 2010.

While in Dakar, he taught classes at both S.O.S Kids’ Village and Talibou Dabo Centre up until he left Senegal for the United States where he had gained admission into college.

While at Northeastern University, Boston, Amat signed up for the Cyber Defense Team and the Capture the Flag (CTF) team. This was due to his keen interest in computer security systems. In other words, he was fascinated by the very idea of breaking down defenses that would usually be dubbed untouchable.

Amat turned out to be a natural, finding his way around even the sternest of defenses and unraveling even the most intricately entwined nexus of firewalls and security protocols.

He eventually graduated with a Bachelor’s degree in Mathematics and Computer Science from Northeastern University in 2014 and spent the next few years working with several cybersecurity firms in the United States including VSR and Qualcomm as a Security Engineer.

In what has been a storied journey, the Senegalese CTF enthusiast was a member of the Shellphish CTF team that participated in the DARPA Cyber Grand Challenge, and many other similar competitions – proving his mettle in each one of those.

In 2017, Amat Cama, or ‘Acez’ as he is popularly called, left his position at Qualcomm and moved to Beijing, China, where he had been offered the position of Senior Security Researcher at the Beijing Chaitin Technology Co., Ltd.

His stint with the company lasted only eight months and he was on the move again. This time, though, he decided to work as an independent security researcher and consultant with a big appetite for lucrative hacking competitions.

Amat Cama is a certified, top-notch offensive wireless security professional who is quite skilled at reverse engineering, penetration testing, and programming. His expertise in this line of work has seen him take home several awards in various contests, one of which was the 2016 Hall of Fame prize at GeekPwn Shanghai for his demo of a remote exploit against the Valve Source engine.

In 2017, he pulled off a baseband exploit against the Samsung Galaxy S8 at Mobile Pwn2Own in Tokyo as an individual contestant. At the 2018 Pwn2Own contest in Tokyo, Amat Cama and his teammate were crowned Master of Pwn after winning over USD 200 K.

Team Fluoroacetate at the 2018 Pwn Contest in Tokyo, Japan
Source: Twitter

And if you’re thinking that was a one-off, think again: at this year’s event, which took place in Canada, Amat Cama was again named Master of Pwn for 2019, along with his teammate, after they won the largest share of the USD 900 K that was put up for grabs by the organisers of the competition, Zero Day Initiative (ZDI), who doled out a total of USD 545 K during the entire event for as many as 19 discovered and exploited bugs.

All the vulnerabilities exploited have been reported to vendors who have up to 90 days to tighten things up before the ZDI can let out details of the most interesting ones.

Amat Cama already has a trophy-laden cabinet and the successes recorded at the Canada CTF event brought up his awards/honours count to 19 since he became an active participant in such contests. That was in 2011 and in all that time, he’s also raked in cash rewards totaling over USD 1 Mn.

When the Senegalese geek is not trying to take advantage of bugs in systems or maybe take over the world, he’s probably flying planes above it. And he even has a private pilot license to show for it. Way to go, mate!

Featured Image Courtesy: face2faceafrica.com
