The Zero Day Initiative’s Pwn2Own Automotive competition has ended, participants demonstrated 49 zero-day vulnerabilities affecting automotive products earning a total of $1,323,750.
The amazing Synacktiv team won the competition and earned a total of $450,000. The team demonstrated successful attacks against Tesla’s modem and the infotainment system.
In second place is the team fuzzware.io with $177,500, followed by the team Midnight Blue/PHP Hooligans with $80,000.
The biggest payout was awarded to the team fuzzware.io that exploited a buffer overflow to hack the EMPORIA EV Charger Level 2. They earned $60,000 and 6 Master of Pwn Points.
The team fuzzware.io also chained to flaws to hack the Phoenix Contact CHARX SEC-3100. However, one of the bugs was previously known, for this reason, the attempt was classified as a a bug collision. They earned $22,500 and 4.5 Master of Pwn Points.
The researcher Connor Ford of Nettitude demonstrated a stack-based buffer overflow to hack the JuiceBox 40 Smart EV Charging Station. He earned $30,000 and 6 Master of Pwn Points.
The full list of the exploits demonstrated on day three of PWN2OWN AUTOMOTIVE 2024 is available here.