In a recent three-day competition, Synacktiv, a hacking group, claimed the top spot at Pwn2Own Automotive 2024, hosted by Zero Day Initiative (ZDI) and VicOne in Japan. The event, focused on ethical exploitation of automotive electronic systems, saw Synacktiv secure a total of $200,000 in prize money.
On the first day, the group earned $100,000 by successfully executing a three-bug chain against the Tesla Modem. The following day, they bagged another $100,000 for targeting the Tesla infotainment system using a two-bug chain. The group also demonstrated their prowess by hacking into other systems, including Automotive Grade Linux, Ubiquiti Connect EV Station, ChargePoint Home Flex, JuiceBox 40 Smart EV Charging Station, and the Sony XAV-AX5500.
The increasing prevalence of software-defined vehicles highlights the critical need for cybersecurity in the automotive industry. Concerns about data privacy have been raised, with reports suggesting that automakers may be collecting personal information from customer cars. Events like Pwn2Own aim to expose technical vulnerabilities that hackers could exploit.
The organizers reported the discovery of 49 new technical vulnerabilities during the three-day event, amounting to a total of $1,323,750 in prize money. Synacktiv emerged as the overall winner, securing $450,000 and 50 “Master of Pwn” points. Fuzzware.io followed with $177,500, and Midnight Blue/PHP Hooligans received $80,000.
Last year, Synacktiv hacked the infotainment system of Tesla's midsize EV in under two minutes, earning $350,000 and a Tesla Model 3. These incidents underscore the importance of automotive cybersecurity, especially as hackers continue to explore potential exploits.
As software-defined vehicles become more prevalent, automakers must remain vigilant in enhancing their security systems. While some hacking attempts are conducted for research purposes, the potential for malicious activities raises concerns. Events like Pwn2Own serve as valuable platforms for identifying and addressing vulnerabilities to ensure the safety and privacy of automotive systems.