Security News > 2024 > January > Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
After a zero-day vulnerability is exploited and reported to vendors during Pwn2Own, they have 90 days to release security patches before Trend Micro's Zero Day Initiative discloses it publicly.
Synacktiv hacked the Tesla car twice, getting root permissions on a Tesla Modem by chaining three vulnerabilities on the first day and demoing a Tesla Infotainment System sandbox escape via a two zero-day exploit chain on the second day.
In October, at Pwn2Own Toronto 2023, hackers won over $1 million for 58 zero-day exploits and multiple bug collisions targeting consumer products, including the Samsung Galaxy S23 smartphone, multiple printer models, surveillance systems, and network-attached storage devices.
News URL
Related news
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2 (source)
- QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- QNAP patches second zero-day exploited at Pwn2Own to get root (source)
- Synology hurries out patches for zero-days exploited at Pwn2Own (source)