On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days.
Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each vulnerability earned $100,000.
Computest Sector 7 exploited the ChargePoint Home Flex by using a 2-bug chain.
Together with four Master of Pwn Points, they receive $20,000.
Sina Kheirkhah exploited the Ubiquiti Connect EV by using a 2-bug chain.
Six Master of Pwn Points and $30,000 are his earnings.
Connor Ford of Nettitude exploited the JuiceBox 40 Smart EV Charging Station by using a stack-based buffer overflow.
The EMPORIA EV Charger Level 2 was exploited by fuzzware.io via a buffer overflow.
Six Master of Pwn Points and $60,000 are their earnings.
Highlights of the Day 1 of Pwn2Own Automotive's research participants received awards totaling over $700,000.
Sina Kheirkhah earned $60,000 by successfully launching his attack on ChargePoint Home Flex.
A 2-bug chain was carried out by Synacktiv against the JuiceBox 40 Smart EV Charging Station and $60,000 is their earnings.
Using a UAF exploit, the PCAutomotive Team was able to successfully target the Alpine Halo9 iLX-F509 and earn $40,000.
Highlights from Day 2 of Pwn2Own Automotive: Over $1 million in rewards were offered to researchers.
Using a 3-bug chain, the PHP Hooligans and Midnight Blue team exploited the Phoenix Contact CHARX SEC-3100 and earned $30,000.
Synacktiv exploited Automotive Grade Linux by using a 3-bug chain and earned $35,000.
Fuzzware.io exploited the ChargePoint Home Flex with a two-bug chain and received $30,000 rewards.
ZDI is currently getting ready to host Pwn2Own Vancouver 2024, which is scheduled for March 20 to 22 in Vancouver, Canada.
Over $1 million will be awarded in prizes for that event.
A thorough summary of the Pwn2Own Automotive 2024 Day 3 results is available here for your reference.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 26 Jan 2024 16:20:43 +0000