Brother
Professional
- Messages
- 2,590
- Reaction score
- 483
- Points
- 83
The famous hacking contest started in Tokyo, astrologers announced a week of vulnerability search.
Security researchers hacked into the modem of a Tesla car and received a total reward of $ 722,500 on the first day of the Pwn2Own Automotive 2024 competition, which is currently taking place in Tokyo. Today, no less than 24 zero-day vulnerabilities were discovered by white hackers.
Synacktiv team earned $100,000 by successfully combining 3 zero-day vulnerabilities to gain root access to the modem of a Tesla car. This allowed white hackers to gain full control of the device and demonstrate the possibility of compromising the system.
In addition, Synacktiv used two unique chains of two vulnerabilities to hack the Ubiquiti Connect EV charging station and JuiceBox 40 Smart EV charging, earning an additional $120,000. These attacks also demonstrated serious security issues in popular models of electric car chargers.
Another chain of exploits aimed at charging the ChargePoint Home Flex EV was already known, but still brought the team $16,000 in cash. Synacktiv hackers collected a total of $295,000 in prize money on the first day of the contest.
First Day Standings of Pwn2Own Automotive 2024
Security researchers have also successfully hacked several fully updated electric vehicle charging stations and multimedia systems from other manufacturers. So, the NCC Group EDG team took second place in the standings, receiving $70,000 for using zero-day vulnerabilities to hack the Pioneer DMH-WT7600NEX multimedia system and charging the Phoenix Contact CHARX SEC-3100 EV.
The results of the first day of Pwn2Own demonstrate that even modern software and equipment in the field of electric vehicles contain serious vulnerabilities that can be used by attackers for attacks. However, timely detection of such vulnerabilities is not impossible, you just need to gather dozens of hackers in one place and set a specific task.
After demonstrating exploits as part of the Pwn2Own competition, manufacturers have 90 days to develop and release security patches before the details of the identified vulnerabilities are publicly disclosed as part of Trend Micro's Zero Day Initiative.
This approach gives manufacturers enough time to fix vulnerabilities in their products before attackers take advantage of this information, but keeps them in good shape so as not to delay the release of fixes for a long time.
Pwn2Own Automotive 2024 is taking place this week in Tokyo as part of the Automotive World conference. During the competition, cybersecurity researchers will attack various automotive technologies, including multimedia systems, car operating systems, charging stations, etc.
The grand prize — $200,000 and a Tesla Model 3 car-will be awarded for demonstrating zero-day vulnerabilities in VCSEC, gateway or autopilot systems.
Last year, during the Pwn2Own Vancouver 2023 competition, cybersecurity researchers earned a total of $1,035,000 and a Tesla Model 3 car after demonstrating 27 zero-day vulnerabilities and several additional attack chains.
Security researchers hacked into the modem of a Tesla car and received a total reward of $ 722,500 on the first day of the Pwn2Own Automotive 2024 competition, which is currently taking place in Tokyo. Today, no less than 24 zero-day vulnerabilities were discovered by white hackers.
Synacktiv team earned $100,000 by successfully combining 3 zero-day vulnerabilities to gain root access to the modem of a Tesla car. This allowed white hackers to gain full control of the device and demonstrate the possibility of compromising the system.
In addition, Synacktiv used two unique chains of two vulnerabilities to hack the Ubiquiti Connect EV charging station and JuiceBox 40 Smart EV charging, earning an additional $120,000. These attacks also demonstrated serious security issues in popular models of electric car chargers.
Another chain of exploits aimed at charging the ChargePoint Home Flex EV was already known, but still brought the team $16,000 in cash. Synacktiv hackers collected a total of $295,000 in prize money on the first day of the contest.
First Day Standings of Pwn2Own Automotive 2024
Security researchers have also successfully hacked several fully updated electric vehicle charging stations and multimedia systems from other manufacturers. So, the NCC Group EDG team took second place in the standings, receiving $70,000 for using zero-day vulnerabilities to hack the Pioneer DMH-WT7600NEX multimedia system and charging the Phoenix Contact CHARX SEC-3100 EV.
The results of the first day of Pwn2Own demonstrate that even modern software and equipment in the field of electric vehicles contain serious vulnerabilities that can be used by attackers for attacks. However, timely detection of such vulnerabilities is not impossible, you just need to gather dozens of hackers in one place and set a specific task.
After demonstrating exploits as part of the Pwn2Own competition, manufacturers have 90 days to develop and release security patches before the details of the identified vulnerabilities are publicly disclosed as part of Trend Micro's Zero Day Initiative.
This approach gives manufacturers enough time to fix vulnerabilities in their products before attackers take advantage of this information, but keeps them in good shape so as not to delay the release of fixes for a long time.
Pwn2Own Automotive 2024 is taking place this week in Tokyo as part of the Automotive World conference. During the competition, cybersecurity researchers will attack various automotive technologies, including multimedia systems, car operating systems, charging stations, etc.
The grand prize — $200,000 and a Tesla Model 3 car-will be awarded for demonstrating zero-day vulnerabilities in VCSEC, gateway or autopilot systems.
Last year, during the Pwn2Own Vancouver 2023 competition, cybersecurity researchers earned a total of $1,035,000 and a Tesla Model 3 car after demonstrating 27 zero-day vulnerabilities and several additional attack chains.
