Le Lézard
Classified in: Science and technology
Subjects: Photo/Multimedia, Conference, Event, Product/Service, Trade Show, Contest

Pwn2Own Automotive 2024: VicOne and ZDI lead first hackathon to uncover cyber vulnerabilities in connected vehicles


VicOne, a leading provider of automotive cybersecurity solutions, hosted "Pwn2Own Automotive 2024", its first ethical hacking event exclusively for the automotive sector, at Automotive World in Tokyo (January 24-26, 2024) to explore and address cybersecurity challenges in the automotive industry.

The event was dedicated to discovering and fixing digital security vulnerabilities of connected cars to protect the cybersecurity of vehicles. Specifically, 17 white hat hacker team and individuals from nine countries participated in a total of over 50 entries both remotely and on-site in four categories:

The participants competed for cash and prizes worth US $1,323,750. A total of 49 unknown security vulnerabilities (zero-day vulnerabilities) were discovered by the participants over the three days. To win, participants had to take advantage of newly discovered vulnerabilities to attack target systems and devices and execute arbitrary instructions. The event was not only about prestige and competition between the best white hat hackers on the scene, but also about collaboration within the automotive industry and with external IT cybersecurity experts to make the entire industry safer.

VicOne's parent company, global cybersecurity leader Trend Microtm, co-hosted the event through the Zero Day initiativetm (ZDI), the world's largest vendor-agnostic bug bounty program. Electric vehicle manufacturer Tesla, as the main sponsor of the event, put its own products to the test including a modem, infotainment system, and Model Y vehicle. Individual hackers and hacking teams from countries including the USA, Vietnam, Japan, the UK, Hungary, the Netherlands, France, and Germany took part.

The winning team Synacktiv from France came away with a total profit of US $450,000, and now holds the title of "Master of Pwn." With a total profit of US $177,500, the German fuzzware.io team took second place. The hackers from fuzzware.io targeted the Sony XAV-AX5500 and the Alpine Halo9 iLX-F509 in the In-Vehicle Infotainment (IVI) category, as well as the ChargePoint Home Flex, the Autel MaxiCharger AC Wallbox Commercial, the EMPORIA EV Charger Level 2 and the Phoenix Contact CHARX SEC-3100 in the Chargers for Electric Vehicles category. With no less than six hacking attempts, they were among the most diligent hackathon participants. Team Tortuga checked the ChargePoint Home Flex in the category chargers for electric vehicles for possible security vulnerabilities.

The multinational event also served to connect and engage the automotive industry with the cybersecurity industry. Hacking events like this are crucial to prepare the global automotive industry for the evolving threat landscape. For example, the ongoing on-site competition also featured attack scenarios that emphasized the importance of discovering cybersecurity vulnerabilities and the potential threats that can arise if vulnerabilities are not addressed promptly. Early detection of vulnerabilities and sharing them with vendors for their countermeasures is important, first and foremost, from the standpoint of safety and cost. By uncovering vulnerabilities in their own products, participating companies were able to gain insights into how they can develop more secure and reliable products.

The zero-day vulnerabilities discovered through this competition will be reported to the respective vendors for further action to fix them. Details of the vulnerabilities will be announced 120 days or later after the conclusion of the competition based on their status. The event revealed the very latest security research and hacking approaches and, therefore, has at least indirect relevance for planned government and industry security measures and regulations.

"With the constant innovations in the automotive industry, the car is not only a traditional means of transportation but also a completely new mobility and a new living space," said Max Cheng, CEO of VicOne. "In an era where our lives and mobility are becoming more closely connected through the Internet, cybersecurity is of paramount importance for people's economic and physical safety, which is why it is essential to identify and address security vulnerabilities in systems before malicious attackers do. Pwn2Own Automotive 2024 is one of VicOne's efforts to spread its long-standing security expertise to the automotive industry."

Cheng continued, "we are also delighted that the number of entries far exceeded our expectations. This was a very successful demonstration that we are at the forefront of discovering zero-day vulnerabilities in the automotive industry and protecting against cyber-attacks, thanks to the dedication and expertise of our participants and the great work of our own researchers. We would like to thank everyone who attended this event and shared the spirit of security research and innovation. This is not a one-time event. VicOne will continue to host this event, and I hope to see everyone again at 2025 Pwn2Own Automotive Tokyo."

"Since 2007, Pwn2Own has been the world's largest hacking contest, rewarding top researchers with the ability to penetrate the most challenging attack surface and discover zero-day vulnerabilities. While previous competitions have covered a wide range of areas, this year's competition was the first Pwn2Own to focus on automobiles. The discovery of 49 new unknown vulnerabilities and the opportunity to bring together a community of automotive vendors and world-class security researchers to share the latest and most valuable insights into automotive cybersecurity is of critical importance to the global automotive industry's ability to prepare for evolving threats," explained Brian Gorenc, VP of Threat Research at VicOne's parent company Trend Micro and responsible for the ZDI program.

For more updates on the Pwn2Own Automotive and future Pwn2Own hacking events, follow the social media accounts and blog posts from VicOne (LinkedIn, X, blog) and ZDI (LinkedIn, X, blog).

About VicOne:

With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne's solutions are specifically designed to meet the stringent requirements of automotive manufacturers and are engineered to meet the unique needs of modern vehicles. As a subsidiary of Trend Micro, VicOne is built on a solid foundation in cybersecurity resulting from Trend Micro's 30+ years of experience in the industry. VicOne provides unparalleled protection for the automotive industry and deep security expertise that enables our customers to build safe and smart vehicles. For more information, please visit vicone.com.


These press releases may also interest you

at 12:05
Philip Engström, VFX Supervisor and Chelsea Mirus, VFX Production Manager represented Important Looking Pirates ("ILP") on the Sh?gun ballot at the award ceremony in Los Angeles, winning the Emmy in the Special Visual Effects In A Season Or A Movie...

at 12:03
The Honourable Jonathan Wilkinson, Canada's Minister of Energy and Natural Resources, alongside the Honourable Minister Tory Rushton, Nova Scotia's Minister of Energy and Renewables; the Honourable Sean Fraser, Member of Parliament for Central...

at 12:00
Netflix, Inc. today announced it will post its third quarter 2024 financial results and business outlook on its investor relations website at http://ir.netflix.net on Thursday, October 17, 2024, at approximately 1:00 p.m. Pacific Time....

at 12:00
MobileX, the most customizable wireless service designed to save consumers money, today announced major enhancements to its platform including faster network speeds, reduced latency, and a refined activation experience. These upgrades, which will...

at 12:00
Intelligent.com, a platform dedicated to helping young professionals navigate the future of work, has published a recent survey report exploring hiring managers' attitudes toward hiring recent college graduates. Intelligent.com experts gathered...

at 12:00
FortisBC Energy Inc. and FortisBC Inc. (collectively, "FortisBC") are doubling the funding available for B.C. builders looking for more affordable ways to build much-needed homes that require less energy for heating, cooling and electricity. FortisBC...



News published on and distributed by: