At Pwn2Own Automotive 2025, a hacking competition held by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan, hackers earned significant rewards for exploiting vulnerabilities in electric vehicle (EV) chargers and infotainment systems. On the second day of the event, a total of $335,500 was awarded, adding to the previous day’s $382,750, bringing the total to $718,250. Researchers targeted Tesla’s Wall Connector charger, and the exploits resulted in impressive payouts.
The Tesla Wall Connector charger was the focus of multiple successful exploits, earning hackers a total of $129,500.
One team earned the maximum reward of $50,000 for taking control of the device and causing it to crash. Another team used an innovative exploit that leveraged the charging connector itself, earning them $45,000. Two other teams received smaller payouts of $22,500 and $12,500 for exploiting Tesla EV chargers, but these exploits targeted previously known bugs.
In addition to the Tesla charger exploits, there were other notable achievements at the event. For instance, researchers earned $50,000 for exploiting vulnerabilities in Wolfbox chargers, $25,000 for exploiting Phoenix Contact chargers, and $23,000 for Autel EV charger exploits. The hackers showed their skills in taking over devices and systems that are critical to the automotive industry, highlighting potential security risks within the electric vehicle sector.
Notably, there was no attempt to hack a Tesla vehicle, despite the competition organizers being prepared to award a car and up to $500,000 for a successful exploit of Tesla’s autopilot system. Last year’s Pwn2Own event saw a total of $1.3 million in rewards, with significant attention focused on Tesla vehicles, EV chargers, and infotainment systems. The ongoing competition continues to demonstrate the vulnerabilities present in emerging technologies within the automotive industry.
