Tesla Modem Hacked: 24 Zero-Days Unveiled at Pwn2Own Automotive 2024, Over $720K in Prizes Awarded. At the Pwn2Own Automotive 2024 event, a Tesla Modem was successfully hacked, unveiling 24 new zero-day exploits. This led to security researchers earning a total of $722,500 in awards on the event’s first day. This included three bug collisions and the 24 zero-day exploits.
The Synacktiv Team (@Synacktiv) received $100,000 for combining three zero-day bugs to gain root access to a Tesla Modem. Additionally, they earned $120,000 by exploiting two separate bug chains to breach a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station.
Despite a third exploit chain aimed at the ChargePoint Home Flex EV charger being previously known, it still resulted in a $16,000 prize for the team, culminating in $295,000 in total winnings for the first day.
Moreover, the event saw successful hacks of various fully updated EV charging stations and infotainment systems. The NCC Group EDG team secured second place, winning $70,000 for exploiting zero-days in the Pioneer DMH-WT7600NEX infotainment system and the Phoenix Contact CHARX SEC-3100 EV charger.
Post-exploitation in the Pwn2Own contest, vendors are given a 90-day window to develop and release security patches before these zero-day bugs are publicly disclosed by TrendMicro’s Zero Day Initiative. Focused on automotive technologies, the Pwn2Own Automotive 2024 is being held this week in Tokyo, Japan, as part of the Automotive World auto conference, spanning January 24 to January 26.
Throughout the competition, participants target various automotive systems including Tesla’s in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems like Automotive Grade Linux, BlackBerry QNX, and Android Automotive OS.
Zero-day exploits targeting Tesla Model 3/Y (Ryzen-based) and Tesla Model S/X (Ryzen-based) systems are also demonstrated, encompassing the infotainment system, modem, tuner, wireless, and autopilot.
Tesla Modem Hacked: 24 Zero-Days Unveiled at Pwn2Own Automotive 2024, Over $720K in Prizes Awarded
The highest reward, comprising $200,000 and a Tesla car, will be given for zero-days in VCSEC, gateway, or autopilot systems.
Complete details of this year’s automotive hacking contest, including the full schedule and results for each challenge, are available online.
During the Pwn2Own Vancouver 2023 competition in March, researchers earned $1,035,000 and a Tesla Model 3 car by demonstrating 27 zero-day exploits along with several bug collisions.
BYD Surpasses Tesla in Global EV Sales: How China’s Rising Star is Shaking Up the Electric Vehicle Market(Opens in a new browser tab)
Where automotive cyber security is headed(Opens in a new browser tab)
What does your car know about you? We hacked a Chevy to find out(Opens in a new browser tab)
Toronto scientist Rahul Krishnan gets big award to study artificial intelligence in health care(Opens in a new browser tab)
Tesla’s software lead is so big it should worry other automakers, AI expert says(Opens in a new browser tab)