Pwn2Own Automotive: Researchers Earn Over $1.3 Million by Hacking Teslas and Infotainment Systems

The zero-day vulnerabilities in connected vehicles and their various systems have long been a concern for the automotive industry. To uncover and address these potential weaknesses, the Zero Day Initiative (ZDI) hosted its first-ever Pwn2Own Automotive competition. In this groundbreaking event, cybersecurity researchers and bug bounty hunters showcased their skills and earned an impressive total of $1.3 million by hacking into Teslas, electric vehicle chargers, and infotainment systems. This significant payout highlights the critical importance of identifying and patching vulnerabilities in connected vehicles.

Details of the Pwn2Own Automotive competition

The participants of Pwn2Own Automotive were awarded a collective sum of $1,323,750 for successfully demonstrating a whopping 49 unique vulnerabilities that were previously unknown. These exploits impacted various automotive products, ranging from electric vehicle chargers to infotainment systems. Such discoveries play a crucial role in fortifying the cybersecurity defenses of the automotive industry.

Winner of the competition

Emerging victorious in this prestigious competition was the Synacktiv team. Astoundingly, they secured a massive total of $450,000 in rewards for their exceptional hacking skills. A key exploit that contributed significantly to their triumph was hacking into a Tesla’s modem, earning them a jaw-dropping reward of $200,000. Additionally, they successfully breached the Tesla’s infotainment system, which resulted in another $100,000 reward, solidifying their position as the champions of the competition.

Breakdown of rewards and exploits

The first day of the Pwn2Own Automotive competition witnessed the highest rewards, totaling over $700,000. Noteworthy bounties included $60,000 for EV charger hacks and $40,000 for infotainment system breaches. These substantial amounts reflect the severity of these vulnerabilities and the urgency with which they need to be addressed.

On the second day, the Synacktiv team continued to excel, earning an additional $100,000 reward for their Tesla infotainment system exploit. Another notable achievement was a $35,000 reward given for an Automotive Grade Linux vulnerability. These discoveries further underscored the pervasive nature of vulnerabilities across various automotive products.

The third day of the event was marked by a $60,000 bounty awarded for an Emporia EV charger exploit. Additionally, three other EV charger exploits earned researchers $30,000 each, highlighting the importance of securing these crucial components of electric vehicles. Furthermore, several attempts resulted in payouts ranging from $20,000 to $26,000 for successful infotainment and EV charger hacks.

The future of Pwn2Own competitions

The success of Pwn2Own Automotive has paved the way for its continuation and further exploration of vulnerabilities in connected vehicles. ZDI has announced the forthcoming Pwn2Own Vancouver 2024, scheduled to take place from March 20-22 alongside the CanSecWest conference in Vancouver, Canada. With a prize pool exceeding $1 million, this event aims to attract even more researchers and reward their efforts in identifying and resolving cybersecurity loopholes in the automotive industry.

The impressive earnings of cybersecurity researchers and bug bounty hunters at the Pwn2Own Automotive competition provide a clear indication of the severity of vulnerabilities in connected vehicles. With a total payout exceeding $1.3 million, this event has shed light on the importance of robust cybersecurity practices within the automotive industry. As vehicles become increasingly connected and reliant on advanced technologies, it becomes imperative to identify and address potential vulnerabilities. The Pwn2Own competitions serve as a catalyst for innovation, pushing the industry to fortify its defenses and ensure the safety and security of connected vehicles.

Explore more

Apple iPhone 18 Leak Reveals RAM Upgrades for Advanced AI

Dominic Jainy brings a wealth of knowledge to the table regarding the hardware-software symbiosis required for modern artificial intelligence. As an IT professional deeply embedded in the evolution of silicon architecture and machine learning, he offers a unique perspective on why seemingly incremental hardware shifts often dictate the entire user experience. This discussion explores the technical nuances of Apple’s transition

Why Are Investors Choosing Pepeto Over Stagnant Ethereum?

The global cryptocurrency landscape is currently undergoing a fundamental reorganization as capital increasingly migrates from established legacy protocols toward nimble, utility-driven newcomers that offer significant growth potential. For years, Ethereum remained the undisputed leader in smart contract functionality, yet its recent price stagnation has left many market participants searching for more dynamic opportunities. This transition is not merely a product

AI Becomes the Core Infrastructure of Global Banking

The global financial sector has officially moved past the phase of speculative experimentation, cementing artificial intelligence as the definitive architectural foundation upon which all modern banking services now operate. This structural metamorphosis represents a pivot from peripheral innovation toward a state of full-scale operational maturity, where algorithms are no longer viewed as external additions but as the very core of

Will the Vivo X500 Series Set New Flagship Standards?

The swift evolution of mobile technology often leaves consumers wondering if the next major release will truly redefine the experience or simply polish existing features. Currently, the industry looks toward the X500 series as a potential catalyst for change. The pace of innovation has accelerated to a point where a yearly cycle no longer satisfies the hunger for cutting-edge hardware

AI and Supply Chain Risks Reshape the Cyber Threat Landscape

The speed at which a software vulnerability transforms from a quiet discovery into a weaponized global threat has reached a breaking point, redefining the very concept of digital defense. This phenomenon, frequently described as the compression of time, characterizes a modern landscape where the gap between the identification of a flaw and its active exploitation by malicious actors has essentially