Pwn2Own Automotive: Researchers Earn Over $1.3 Million by Hacking Teslas and Infotainment Systems

The zero-day vulnerabilities in connected vehicles and their various systems have long been a concern for the automotive industry. To uncover and address these potential weaknesses, the Zero Day Initiative (ZDI) hosted its first-ever Pwn2Own Automotive competition. In this groundbreaking event, cybersecurity researchers and bug bounty hunters showcased their skills and earned an impressive total of $1.3 million by hacking into Teslas, electric vehicle chargers, and infotainment systems. This significant payout highlights the critical importance of identifying and patching vulnerabilities in connected vehicles.

Details of the Pwn2Own Automotive competition

The participants of Pwn2Own Automotive were awarded a collective sum of $1,323,750 for successfully demonstrating a whopping 49 unique vulnerabilities that were previously unknown. These exploits impacted various automotive products, ranging from electric vehicle chargers to infotainment systems. Such discoveries play a crucial role in fortifying the cybersecurity defenses of the automotive industry.

Winner of the competition

Emerging victorious in this prestigious competition was the Synacktiv team. Astoundingly, they secured a massive total of $450,000 in rewards for their exceptional hacking skills. A key exploit that contributed significantly to their triumph was hacking into a Tesla’s modem, earning them a jaw-dropping reward of $200,000. Additionally, they successfully breached the Tesla’s infotainment system, which resulted in another $100,000 reward, solidifying their position as the champions of the competition.

Breakdown of rewards and exploits

The first day of the Pwn2Own Automotive competition witnessed the highest rewards, totaling over $700,000. Noteworthy bounties included $60,000 for EV charger hacks and $40,000 for infotainment system breaches. These substantial amounts reflect the severity of these vulnerabilities and the urgency with which they need to be addressed.

On the second day, the Synacktiv team continued to excel, earning an additional $100,000 reward for their Tesla infotainment system exploit. Another notable achievement was a $35,000 reward given for an Automotive Grade Linux vulnerability. These discoveries further underscored the pervasive nature of vulnerabilities across various automotive products.

The third day of the event was marked by a $60,000 bounty awarded for an Emporia EV charger exploit. Additionally, three other EV charger exploits earned researchers $30,000 each, highlighting the importance of securing these crucial components of electric vehicles. Furthermore, several attempts resulted in payouts ranging from $20,000 to $26,000 for successful infotainment and EV charger hacks.

The future of Pwn2Own competitions

The success of Pwn2Own Automotive has paved the way for its continuation and further exploration of vulnerabilities in connected vehicles. ZDI has announced the forthcoming Pwn2Own Vancouver 2024, scheduled to take place from March 20-22 alongside the CanSecWest conference in Vancouver, Canada. With a prize pool exceeding $1 million, this event aims to attract even more researchers and reward their efforts in identifying and resolving cybersecurity loopholes in the automotive industry.

The impressive earnings of cybersecurity researchers and bug bounty hunters at the Pwn2Own Automotive competition provide a clear indication of the severity of vulnerabilities in connected vehicles. With a total payout exceeding $1.3 million, this event has shed light on the importance of robust cybersecurity practices within the automotive industry. As vehicles become increasingly connected and reliant on advanced technologies, it becomes imperative to identify and address potential vulnerabilities. The Pwn2Own competitions serve as a catalyst for innovation, pushing the industry to fortify its defenses and ensure the safety and security of connected vehicles.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

AI Transforms the Frontline Employee Lifecycle

High turnover in retail and manufacturing industries is often the direct result of systemic failure and fragmented technology rather than individual performance or a lack of motivation. In environments where every minute spent off the floor impacts the bottom line, a worker who cannot access their schedule or find a safety manual quickly becomes a significant flight risk. This phenomenon,

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of