Pierluigi Paganini
January 25, 2025
The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) obtained 30.5 Master of Pwn points and won the Master of Pwn earning $222.250.
And that’s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. #P2OAuto pic.twitter.com/pLaUeZwzZm
— Zero Day Initiative (@thezdi) January 24, 2025
The Synacktiv (@Synacktiv) team exploited a buffer overflow to hack the Autel MaxiCharger. They also demonstrate signals being transmitted via the Charging Connector for the add on. The team earned $35,000 and 6 Master of Pwn points.
Bongeun Koo (@kiddo_pwn) of STEALIEN exploited the Ubiquiti charger using three bugs, two of which were known, earning $26,750 and 4.5 Master of Pwn points.
Sina Kheirkhah exploited a single flaw to exploit the ChargePoint EV charger. The researcher earned $25,000 and 5 Master of Pwn points.
Now vendors have 90 days to address the vulnerabilities demonstrated by participants before Zero Day Initiative publicly discloses the issues.
The results of the Day 3 of Pwn2Own Automotive 2025 can be found here.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Pwn2Own)
