Discovering critical vulnerabilities across connected vehicles, EV chargers, and automotive systems
As connected cars proliferate worldwide, data security for vehicles has become more critical than ever. Whether petrol-powered or electric, new vehicles send and receive huge quantities of data, raising data privacy and safety concerns for manufacturers and customers.
The TrendAI Zero Day Initiative™ (ZDI) sits at the forefront of threat research, and connected vehicles are no exception. Last week, TrendAI ZDI hosted Pwn2Own Automotive in Tokyo, inviting security researchers from around the world to responsibly demonstrate and disclose exploits and zero-day vulnerabilities at the world’s most prestigious hacking competition. Participants targeted connected vehicle devices including electric vehicle chargers, in-vehicle infotainment systems, automotive operating systems, and more.
A total of 76 vulnerabilities were disclosed at the event, with contestants earning $1,047,000 in prizes. The team from Fuzzware.io was crowned the Master of Pwn with $215,000 earned for their efforts.
VicOne co-hosted the event with TrendAI ZDI. The event was sponsored by Tesla and supported by partners Alpitronic and the Open Charge Alliance.
Other highlights of the event included:
- Synacktiv (@synacktiv) chained an information leak and an out‑of‑bounds write to exploit the Tesla Infotainment system in the USB‑based Attack category.
- The Synacktiv team also achieved a Pwn2Own first by using NFC to target the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add‑on.
- Fuzzware.io (@ScepticCtf, @diff_fusion, @SeTcbPrivilege) chained two vulnerabilities to achieve code execution on the Autel MaxiCharger AC Elite Home 40A EV Charger and manipulate the ChargePoint signal.
TrendAI uses disclosures from Pwn2Own to protect customers from zero-day exploits an average of 71 days ahead of the rest of the cybersecurity industry.
“Proactive security is at the centre of our mission to protect customers and the world from cyber threats faster than any other security provider. TrendAI ZDI is a key contributor to our unmatched threat intelligence. Connected assets are rapidly becoming an integral part of the digital world, and we’re proud to bring together security experts at Pwn2Own to push threat research forward.” —Rachel Jin, Chief Platform and Business Officer at TrendAI