The Zero Day Initiative (ZDI) has recently announced the launch of the first-ever Pwn2Own hacking contest dedicated to car systems, called Pwn2Own Automotive. With a whopping prize pool of over $1 million, the competition aims to encourage automotive research, incentivize vendors to participate in the security research community, and bring attention to the various sub-components of a vehicle. The event is scheduled to take place in Tokyo from January 24 to 26 next year.
Pwn2Own Automotive will consist of four categories, namely all things Tesla, in-vehicle infotainment (IVI), electrical vehicle chargers, and operating systems. Each category offers participants the opportunity to showcase their hacking skills and potentially win lucrative cash prizes and other rewards.
Brian Gorenc, who is a part of ZDI, outlined the primary objectives of hosting this event in a blog post. First and foremost, the competition aims to foster and promote automotive research. By encouraging security researchers to delve into the vulnerabilities and potential exploits within car systems, the event hopes to contribute to the overall improvement of automotive cybersecurity.
Secondly, the contest intends to incentivize vendors to actively participate in the security research community. By offering substantial cash rewards and recognition, the organizers hope to foster collaboration between vendors and security researchers. This collaboration is crucial in identifying and addressing security loopholes, thereby enhancing the overall security of car systems.
Lastly, the competition aims to shed light on the various sub-components of a vehicle. By focusing on categories like all things Tesla, in-vehicle infotainment, electrical vehicle chargers, and operating systems, the event will help highlight the vulnerabilities that might exist within these specific areas. This targeted focus will lead to a better understanding of potential security flaws and facilitate efforts to secure these components.
Notably, Pwn2Own Automotive will also allow for remote participation, enabling researchers from around the world to join the competition. Interested individuals must register before the January 18 deadline and submit a detailed whitepaper explaining their exploit chain, along with instructions on how to run their entry. Remote applicants are required to contact ZDI officials at least two weeks prior to the registration deadline.
To assist participants in their preparation, ZDI has provided detailed information about each category of the competition and a complete set of rules on their website. The rules outline the expectations and guidelines for participants regarding the research and the demonstration of their exploits.
With the increasing integration of electronic systems in modern cars, the need for robust cybersecurity measures has become essential. The Pwn2Own Automotive hacking contest is an important step towards addressing these concerns and fostering collaborative efforts to enhance the security of car systems. By encouraging research and incentivizing vendors to participate, this competition aims to make significant progress in automotive cybersecurity.
Security researchers and enthusiasts who are interested in participating can find more information about the competition categories and rules on the ZDI website. The detailed guidelines and resources will assist participants in understanding the requirements and preparing for the event.
In conclusion, the Pwn2Own Automotive hacking contest aims to provide a platform for researchers to explore automotive vulnerabilities, promote collaboration between vendors and security researchers, and raise awareness about the security of car sub-components. With a substantial prize pool and the opportunity for remote participation, this competition is poised to attract talented individuals who want to contribute to the advancement of automotive cybersecurity.