During the Pwn2Own Automotive 2024 competition, the Synacktiv Team successfully hacked a Tesla Modem, earning $100,000 by exploiting three zero-day bugs. The researchers also used two unique two-bug chains to hack a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station, receiving an additional $120,000. A third exploit chain targeting the ChargePoint Home Flex EV charger brought them $16,000. In total, Synacktiv Team earned $295,000 in prizes on the first day of the contest, showcasing their ability to uncover vulnerabilities in automotive technologies.
The competition, which focuses on automotive technologies, takes place during the Automotive World auto conference in Tokyo. Security researchers have the opportunity to target various systems, including Tesla in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems like Automotive Grade Linux, BlackBerry QNX, and Android Automotive OS. The top prize is awarded for zero-days targeting VCSEC, gateway, or autopilot, with a cash award of $200,000 and a Tesla car.
After exploiting zero-day bugs during the competition, vendors have 90 days to develop and release security fixes before TrendMicro’s Zero Day Initiative publicly discloses them. The Pwn2Own Automotive 2024 contest highlights the ongoing efforts of security researchers to uncover vulnerabilities in automotive technologies, emphasizing the importance of securing systems to prevent potential cyber threats in the automotive industry.
Reference:
