Bug bounty hunters have achieved significant success at the Pwn2Own Automotive competition, discovering a total of 49 zero-day vulnerabilities in various automotive products and earning over $1.3 million. The event, coordinated by the Zero Day Initiative, featured participants successfully hacking into Teslas, infotainment systems, and electric vehicle chargers, demonstrating their ability to exploit security flaws in these technological innovations.
The Synacktiv team, highly regarded, emerged as the victors, winning a substantial prize of $450,000 for their exceptional performance. Their successful attacks on Tesla’s modem and the infotainment system solidified their position as the top earners in the competition. Following closely behind, the team fuzzware.io secured the second position and received a prize of $177,500, while the team Midnight Blue/PHP Hooligans obtained $80,000 for their efforts.
A notable highlight of the event was the outstanding accomplishment of the team fuzzware.io, which utilized a buffer overflow to breach the EMPORIA EV Charger Level 2, earning a reward of $60,000 along with 6 Master of Pwn Points. Their expertise was further demonstrated by chaining two flaws to hack the Phoenix Contact CHARX SEC-3100, resulting in a substantial prize of $22,500 and 4.5 Master of Pwn Points. Additionally, researcher Connor Ford of Nettitude made significant waves by executing a stack-based buffer overflow to infiltrate the JuiceBox 40 Smart EV Charging Station, resulting in a well-deserved payday of $30,000 and 6 Master of Pwn Points.
The comprehensive list of exploits presented on the third day of Pwn2Own Automotive 2024 is accessible via the following link: https://www.zerodayinitiative.com/blog/2024/1/25/pwn2own-automotive-2024-day-three-results
The successful conclusion of the Pwn2Own Automotive competition not only showcased the remarkable skill of bug bounty hunters but also served as a crucial reminder of the importance of cybersecurity in the rapidly evolving automotive industry. As technology continues to advance, the need for robust security measures becomes increasingly imperative to safeguard against potential threats.
For further updates on cybersecurity, follow @securityaffairs on Twitter, Facebook, and Mastodon. Stay informed and stay secure.
+ There are no comments
Add yours