It was a fruitful hackathon for Senegalese digital security expert and specialist, Amat Cama, who won an aggregate of $375,000 in real money for uncovering bugs in the Tesla Model 3 vehicle and different items in Vancouver, Canada.
Together with his colleague, Richard Zhu, Team Fluoroacetate – as they called themselves – was the only one to agree to accept the first-since forever car hacking at the Pwn2Own hacking rivalry held in March amid the CanSecWest 2019 security gathering.
They targeted Tesla’s infotainment system which had the smallest reward and managed to display a message on the car’s web browser by exploiting a just-in-time (JIT) bug in the renderer component.
This fete earned them $35,000 and a Tesla. They won the extra $340,000 by exploiting vulnerabilities in Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.
— Zero Day Initiative (@thezdi) March 22, 2019
Amat Cama and teammate were crowned Master of the Pwn for 2019 and they won the largest share of the $900,000 on offer by the organizers, Zero Day Initiative (ZDI), who paid $545,000 during the entire event for 19 bugs.
All the vulnerabilities exploited have been reported to vendors who have been given 90 days to release patches before Zero Day Initiative (ZDI) can disclose details of the most interesting vulnerabilities.
Amat Cama, popularly known as Acez, is an alumnus of Northeastern University in Boston where he graduated with a Bachelor of Science in Mathematics and Computer Science in 2014. He has worked with several cybersecurity firms in the United States including VSR and Qualcomm as a Security Engineer.
It all started in Dakar, Senegal for Cama who attended the Enko Waca International School (formerly West African College of the Atlantic) – a bilingual, secular and mixed institution that opened in 1996 in Ouakam. He studied Physics, Mathematics, Economics, French, English and Spanish and then graduated in 2010 with an International Baccalaureate.
In Dakar, he taught children at the S.O.S Kids’ Village and Talibou Dabo Center before getting admission to the Northeastern University where he was a member of the Cyber Defense Team and the Capture the Flag (CTF) Team. CTF is a computer security competition designed to attack and defend computer systems.
The avid CTF player was part of the Shellphish CTF team that took part in the DARPA Cyber Grand Challenge as well as a number of other competitions.
Amat Cama moved to Beijing City in 2017 after leaving Qualcomm to take up the job of Senior Security Researcher at the Beijing Chaitin Technology Co., Ltd. He left after eight months to work as an independent security researcher and consultant with an immense interest in hacking contests which are very lucrative.
The certified offensive security wireless professional with sharp reverse engineering, penetration testing and programming skills has won several awards in contests including the 2016 Hall of Fame prize at Geekpwn Shanghai for his demo of a remote exploit against the Valve Source engine.
In 2017, he successfully demonstrated a baseband exploit against the Samsung Galaxy S8 at Mobile Pwn2Own in Tokyo as an individual contestant. In the 2018 Pwn2Own contest in Tokyo, Amat Cama and his teammate were crowned Master of Pwn after winning over $200,000.
— Zero Day Initiative (@thezdi) November 14, 2018
In total, he has won 19 awards and honours in competitions since 2011 with total cash rewards of over a million dollars. Cama is also a licensed private pilot.