Ethical Hackers Make a Million at Pwn2Own Automotive
The first-ever Pwn2Own Automotive competition has concluded with hackers collectively earning a staggering $1,323,750 by exposing 49 zero-day vulnerabilities, primarily in Tesla vehicles.
Organized by Trend Micro's Zero Day Initiative (ZDI) during the Automotive World conference, the event in Tokyo showcased vulnerabilities in EV chargers, infotainment systems, and car operating systems.
Team Synacktiv stood out, securing $450,000 in cash. Their remarkable achievements included hacking a Tesla car twice and revealing vulnerabilities in the Ubiquiti Connect EV Station and the JuiceBox 40 Smart EV Charging Station. They also demonstrated their prowess by exploiting the Automotive Grade Linux OS.
The event highlighted the complex nature of modern vehicles, now seen as safety-critical computers on wheels. In a statement to DarkReading, Dustin Childs from ZDI emphasized the significance of the event, mentioning that there is a serious lack of research in this area, “and based on our experience, that lack of external scrutiny means there could be a lot of security issues.”
The vulnerabilities discovered during the competition highlight the urgent need for enhanced security measures in the automotive industry. As vehicles become more technologically advanced, they also become more attractive targets for hackers.
Synacktiv CEO Renaud Feil, speaking about Tesla, said that the car has a huge attack surface since “everything is IT in a Tesla.” However, he also acknowledged that Tesla has a well-detailed security team, so although it is a large target, it’s certainly not an easy one.
As the dust settles on this year's event, the focus now shifts to how the automotive industry will respond to these revelations. Manufacturers are expected to closely examine the findings and work to address the vulnerabilities. ZDI has provided a 90-day window for manufacturers to fix the issues before they are publicly disclosed, offering ample motivation to reinforce their cybersecurity measures and protect their customers.