Hackers Expose 49 Critical Car Security Flaws, Win $886K at Pwn2Own Automotive

Pwn2Own Automotive 2025: Record-Breaking Security Contest Reveals Critical Vulnerabilities

Security researchers uncovered 49 zero-day vulnerabilities during the Pwn2Own Automotive 2025 competition, earning a total of $886,250 in prizes. The three-day event focused on testing the security of automotive software and hardware, including EV chargers, car operating systems, and in-vehicle infotainment systems.

Key Highlights:
– Day 1: $382,750 awarded for 16 zero-days
– Day 2: $335,500 awarded for 23 zero-days and two Tesla charger hacks
– Day 3: $168,000 awarded for 10 zero-days

Competition Winners:
1. Summoning Team’s Sina Kheirkhah: $222,250 (30.5 Master of Pwn points)
2. Synacktiv: $147,500
3. PHP Hooligans: $110,000
4. fuzzware.io: $68,750
5. Viettel Cyber Security: $53,750

The contest targeted the latest versions of the systems in scope, including Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX. While Tesla provided a Model 3/Y benchtop unit, researchers focused primarily on the Wall Connector charger.

Vendors now have 90 days to patch these vulnerabilities before Trend Micro’s Zero Day Initiative makes them public. This event follows the successful January 2024 edition, which awarded $1,323,750 for similar discoveries, and the Vancouver 2024 competition, where researchers earned $1,132,500 for 29 zero-day vulnerabilities.
