Pwn2Own Automotive: Researchers Earn Over $1.3 Million by Hacking Teslas and Infotainment Systems

The zero-day vulnerabilities in connected vehicles and their various systems have long been a concern for the automotive industry. To uncover and address these potential weaknesses, the Zero Day Initiative (ZDI) hosted its first-ever Pwn2Own Automotive competition. In this groundbreaking event, cybersecurity researchers and bug bounty hunters showcased their skills and earned an impressive total of $1.3 million by hacking into Teslas, electric vehicle chargers, and infotainment systems. This significant payout highlights the critical importance of identifying and patching vulnerabilities in connected vehicles.

Details of the Pwn2Own Automotive competition

The participants of Pwn2Own Automotive were awarded a collective sum of $1,323,750 for successfully demonstrating a whopping 49 unique vulnerabilities that were previously unknown. These exploits impacted various automotive products, ranging from electric vehicle chargers to infotainment systems. Such discoveries play a crucial role in fortifying the cybersecurity defenses of the automotive industry.

Winner of the competition

Emerging victorious in this prestigious competition was the Synacktiv team. Astoundingly, they secured a massive total of $450,000 in rewards for their exceptional hacking skills. A key exploit that contributed significantly to their triumph was hacking into a Tesla’s modem, earning them a jaw-dropping reward of $200,000. Additionally, they successfully breached the Tesla’s infotainment system, which resulted in another $100,000 reward, solidifying their position as the champions of the competition.

Breakdown of rewards and exploits

The first day of the Pwn2Own Automotive competition witnessed the highest rewards, totaling over $700,000. Noteworthy bounties included $60,000 for EV charger hacks and $40,000 for infotainment system breaches. These substantial amounts reflect the severity of these vulnerabilities and the urgency with which they need to be addressed.

On the second day, the Synacktiv team continued to excel, earning an additional $100,000 reward for their Tesla infotainment system exploit. Another notable achievement was a $35,000 reward given for an Automotive Grade Linux vulnerability. These discoveries further underscored the pervasive nature of vulnerabilities across various automotive products.

The third day of the event was marked by a $60,000 bounty awarded for an Emporia EV charger exploit. Additionally, three other EV charger exploits earned researchers $30,000 each, highlighting the importance of securing these crucial components of electric vehicles. Furthermore, several attempts resulted in payouts ranging from $20,000 to $26,000 for successful infotainment and EV charger hacks.

The future of Pwn2Own competitions

The success of Pwn2Own Automotive has paved the way for its continuation and further exploration of vulnerabilities in connected vehicles. ZDI has announced the forthcoming Pwn2Own Vancouver 2024, scheduled to take place from March 20-22 alongside the CanSecWest conference in Vancouver, Canada. With a prize pool exceeding $1 million, this event aims to attract even more researchers and reward their efforts in identifying and resolving cybersecurity loopholes in the automotive industry.

The impressive earnings of cybersecurity researchers and bug bounty hunters at the Pwn2Own Automotive competition provide a clear indication of the severity of vulnerabilities in connected vehicles. With a total payout exceeding $1.3 million, this event has shed light on the importance of robust cybersecurity practices within the automotive industry. As vehicles become increasingly connected and reliant on advanced technologies, it becomes imperative to identify and address potential vulnerabilities. The Pwn2Own competitions serve as a catalyst for innovation, pushing the industry to fortify its defenses and ensure the safety and security of connected vehicles.

Explore more

VodafoneThree Drives 5G Innovation With Network Automation

The rapid expansion of 5G Standalone infrastructure across the United Kingdom has necessitated a fundamental shift in how telecommunications giants manage the increasing complexity of modern cellular traffic. As VodafoneThree consolidates its dominant market position throughout 2026, the implementation of sophisticated network automation tools has transitioned from a competitive advantage to an absolute operational necessity. By moving away from legacy

Vulnerable Microsoft-Signed Shims Allow Secure Boot Bypass

The fundamental promise of UEFI Secure Boot relies on a chain of trust that ensures only verified, cryptographically signed code executes during the critical early stages of a computer’s power-on sequence. When this chain is compromised, the entire security foundation of a modern computing environment is placed at significant risk. Recent discoveries have highlighted vulnerabilities within several versions of the

How Do You Move Your GP General Ledger to Business Central?

The familiar rhythm of month-end procedures in Microsoft Dynamics GP has provided a reliable sanctuary for finance departments for decades, but that comfort is rapidly vanishing as the cloud transition becomes mandatory. For years, the legacy platform served as a fortress of stability, anchoring the financial operations of thousands of organizations through economic shifts and regulatory changes. However, the landscape

How Does Copilot Drive Real ROI in Dynamics 365?

Beyond the Hype: The Evolution of Copilot into a Standard Business Engine Modern business leaders are no longer asking if artificial intelligence works but are instead demanding granular proof that these sophisticated algorithms can actually generate a measurable impact on the quarterly balance sheet. Microsoft Copilot has transitioned rapidly from an experimental AI curiosity to a foundational element of the

Microsoft Business Central 2026 Wave 1 Boosts ERP Efficiency

As the enterprise landscape evolves, the upcoming Microsoft Business Central 2026 Release Wave 1 marks a significant shift toward deeper automation and more fluid system integrations. Dominic Jainy, an IT expert with a sharp focus on how emerging technologies like machine learning and blockchain intersect with business logic, provides a comprehensive look at these upcoming changes. This discussion explores the