Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
Throughout the contest organized by Trend Micro's Zero Day Initiative in Tokyo, Japan, during the Automotive World auto conference, hackers targeted fully patched electric vehicle chargers, infotainment systems, and car operating systems.
After a zero-day vulnerability is exploited and reported to vendors during Pwn2Own, they have 90 days to release security patches before Trend Micro's Zero Day Initiative discloses it publicly.
You can find the complete set of targets and the rules of Pwn2Own Automotive here.
The Pwn2Own Automotive 2024 contest was won by Team Synacktiv, who took home $450,000 in cash, followed by fuzzware.io with $177,500 and Midnight Blue/PHP Hooligans with $80,000.
Synacktiv hacked the Tesla car twice, getting root permissions on a Tesla Modem by chaining three vulnerabilities on the first day and demoing a Tesla Infotainment System sandbox escape via a two zero-day exploit chain on the second day.
They also demoed two unique two-bug chains against the Ubiquiti Connect EV Station and the JuiceBox 40 Smart EV Charging Station, as well as a three-bug exploit targeting the Automotive Grade Linux OS. Synactiv also dominated the Pwn2Own Vancouver 2023 contest in March, earning $530,000 and a Tesla car for two exploit chains targeting its Gateway and Infotainment Unconfined Root.
In October, at Pwn2Own Toronto 2023, hackers won over $1 million for 58 zero-day exploits and multiple bug collisions targeting consumer products, including the Samsung Galaxy S23 smartphone, multiple printer models, surveillance systems, and network-attached storage devices.
Earlier this month, ZDI announced that the Pwn2Own Vancouver 2024 competition is scheduled to take place starting March 20th during the CanSecWest 2024 Conference.
The event will feature a prize pool of over $1,000,000 for exploits in various software categories and automotive systems found in Tesla Model 3 and Model S cars.
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo.
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024.
Google fixes first actively exploited Chrome zero-day of 2024.
Exploit released for Fortra GoAnywhere MFT auth bypass bug.
Ivanti: VPN appliances vulnerable if pushing configs after mitigation.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 26 Jan 2024 12:40:18 +0000


Cyber News related to Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
9 months ago Bleepingcomputer.com
Tesla 'Recalls' Two Million Cars Autopilot Risk - Elon Musk's Tesla is to 'recall' nearly every vehicle sold in the United States, after two year NHTSA investigation. Elon Musk's Tesla is having to recall nearly all its vehicles it has sold in the United States, after the US transportation safety ...
11 months ago Silicon.co.uk
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
11 months ago Bleepingcomputer.com
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
11 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
11 months ago Bleepingcomputer.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
6 months ago Bleepingcomputer.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
9 months ago Cybersecuritynews.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
6 months ago Bleepingcomputer.com
Tesla Issues Fourth Recall For Cybertruck - Most Cybertrucks in the United States are being recalled over problems with windshield wipers and exterior trim. Elon Musk's Tesla is once again having to issue a recall for thousands of its slab-sided Cybertruck vehicles due to a couple of ...
4 months ago Silicon.co.uk
Tesla hackers win big at first Pwn2Own automotive hack fest The Register - Infosec in brief Trend Micro's Zero Day Initiative held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities. Researchers from French ...
9 months ago Go.theregister.com
Tesla Expands Market Share Lead In Norway - Tesla expands top Norwary market share to 20 percent of new cars, even as it loses position as biggest EV seller worldwide to China's BYD. Tesla has expanded its leading share of Norways' electric vehicle market as the oil-producing country seeks to ...
10 months ago Silicon.co.uk
Tesla Recalls 27,00 Cybertrucks Over Rear Camera | Silicon UK - CNBC reported that Tesla said on Thursday it would recall more than 27,000 Cybertrucks due to delayed rear-view camera images that could impair driver visibility and increase crash risks. CNBC reported that Tesla said on Thursday that the ...
1 month ago Silicon.co.uk
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
11 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
6 months ago Securityweek.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
9 months ago Darkreading.com
US charges two more suspects with DraftKing account hacks - The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds ...
9 months ago Bleepingcomputer.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
10 months ago Bleepingcomputer.com
VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem - PRESS RELEASE. DALLAS and TOKYO, May 29, 2024- VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming interfaces for the software-defined vehicle and ...
5 months ago Darkreading.com
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
11 months ago Bleepingcomputer.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
9 months ago Securityzap.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
8 months ago Feeds.dzone.com
OT Cybersecurity for Automotive Industry - OT systems are ubiquitous across all critical infrastructure industries, such as Oil and Gas, Automotive, Energy, Water Utilities, and Transportation. OT infrastructure is very vital to any nation's security to ensure the delivery of essential ...
11 months ago Feeds.dzone.com
Top Cyber Threats Automotive Dealerships Should Look Out For - Automotive dealerships are attractive targets for hackers. A combination of storing lots of sensitive customer data, handling large financial transactions, increased dependence on digital technologies and a perception of immature cybersecurity all ...
8 months ago Securityboulevard.com
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world - While I don't own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars. They're all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor ...
9 months ago Blog.talosintelligence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)