During a global search for computer vulnerabilities, this young Senegalese hacker managed to crack a Tesla 3, the latest model of the car brand Elon Musk.
At first glance, he could be one of the many Senegalese surfers who populate the beaches of Dakar. An athletic build and broad shoulders trimmed to the waves make it unnoticed at this seaside restaurant. Yet at age 27, Amat Cama prefers keypads to surfboards. This rising star of the exclusive hacker sphere is among the first to succeed in hacking a Tesla, Elon Musk’s electric car.
It was during the last Pwn2Own (pronounced pone any yardstick), the most important competition in the field of the search of computer faults, in March 2019, that Amat Cama and his friend Richard Zhu managed to hack, in less than fifteen minutes, the built-in browser of the Tesla 3, the latest model of the brand. “A first step that will then search for other bugs in the car,” says Amat. They hope to succeed soon a complete piracy to control the vehicle. “We are working on it,” he says, mischievous.
However, these two pirates, forming the team Fluoroacetate, are far from being driven by a desire to harm, quite the contrary. “We are White Hats, ethical hackers with computer expertise. Our goal is to reveal technological loopholes to allow businesses to fill them before they are exploited by malicious people, “says Amat. The Pwn2Own competition is sponsored by Tesla Motors and Microsoft, who see it as an effective way to test the safety of their products.
From Dakar to Boston
Held twice a year, in November in Tokyo and in March in Vancouver, this hacking competition brings together teams from around the world. “We practiced for two months on the Tesla software to find flaws,” he says. Ten hours a day, reading code and groping. There are a lot of trials and failures before finding a workable bug. But with experience, you know in which parts of the code mistakes can be found. ”
Amat’s adventure began in 2010, when he decided to leave his native Senegal to pursue computer studies at Northeastern University in Boston. At the end of his first year, a comrade introduces him to hacking through War Games. Games of reverse engineering and puzzle solving. “I learned how a computer code works,” he says.
The revelation will come from his professor William Robertson, specialist in computer security. “We became friends and joined his passionate club. He introduced us to the competition of Capture The Flag, simulations where we must find as quickly as possible a file called Flag, hidden in the code of a website or server, “he says. From one-off weekends, Amat begins to dedicate weeks to it, drying up classes. This “devouring passion” pushes him to learn several languages: from DrRacket to C ++. “Technology is everywhere and to be a good hacker, you have to know how to learn fast while being patient. Do not be intimidated by what you do not know, “he advises.
“Everything is piratable”
His first big pirate victory is a collision. Via bugs in two video games, he takes control of a computer during a competition in 2016 in Shanghai. But his transition to what he calls “real hacking” will be done through a Chinese friend met online that motivates him to participate in Pwn2Own: “I did not think I had the level. For me, these guys were wizards! But he manages to access SMS and calls from a Samsung Galaxy S7. The next competition, with his friend Richard, he reiterates the piracy on a iPhone “much more secure”.
While he believes that the security of a phone is “a luxury”, computer failures in the software of autonomous cars, airplanes, bridges, power plants or nuclear are cold in the back. “We quickly realize that it is often the most important infrastructure that is the least well protected. Today, it must be assumed that everything is piratable. ”
Back in Africa for two years, he launched his computer security firm, Securin Technology. It provides advice and training to companies wishing to protect their products. “The continent needs to improve its fight against computer intrusions. Here, there is no law that requires companies to conduct regular security audits to protect the data of their customers, unlike the United States, “he says. Again this year, hackers managed to steal 17 billion CFA francs (26 million euros) from banks in the sub-region.
In Senegal, he wants to create a hacker club with the support of a university in Dakar and spread his culture of ethical piracy. By setting up in Africa, Amat made the same bet as many giants of new technologies. In February, Google opened its artificial intelligence lab in Ghana. Microsoft plans to launch two software development centers in 2019 in Nigeria and Kenya. As for Dakar, it will soon establish the future regional cyber security center supported by the French government.
By hacking the Tesla, Safari browsers from Apple and Microsoft’s Edge during the last Pwn2Own, the two friends won the first prize. They left with $ 375,000 (336,000 euros) and the car. “The Senegalese roads are not good enough to roll it here, Amat fun. So I left it in the United States. But no question of making it a hobby. It’s an object of study, a giant computer puzzle for these two pirates determined to find all its faults before a state or a malicious group does.