Researchers at this year’s Pwn2Own Automotive hacking contest made headlines by successfully hacking Tesla’s wall connector electric vehicle (EV) charger. The annual contest, which focuses on hacking automotive technologies during the Automotive World tradeshow in Tokyo, allows researchers to target various aspects of cars, such as operating systems, electric vehicles, chargers, and infotainment systems, to uncover hidden vulnerabilities and potential threats.
According to reports from Zero Day Initiative, the PHP Hooligans team used a “numeric range comparison without minimum check” zero-day bug to take over the EV charger and crash it. This successful hack earned them $50,000 in prize money and five Master of Pwn points. Following closely behind was Synacktic, which also managed to hack the Tesla EV charger through the charging connector.
The PHP Hooligans didn’t stop there, as they exploited 23 other zero-day vulnerabilities in various EV chargers, including WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA. This display of hacking prowess exemplified the importance of cybersecurity in the constantly evolving automotive industry.
On the second day of the contest, Trend Micro’s Zero Day Initiative rewarded onsite security researchers with a total of $718,250 for discovering 39 unique zero-day vulnerabilities. This substantial reward highlights the significance of identifying and addressing potential security risks in automotive technologies.
In the current standings of the Pwn2Own contest, Sina Kheirkhah is leading with 24.5 points, followed by Synacktiv in second place, and PHP Hooligans in third. These talented researchers showcase their skills and knowledge in the field of cybersecurity, emphasizing the importance of staying vigilant against potential threats and vulnerabilities in automotive technologies.
Overall, the Pwn2Own Automotive hacking contest serves as a platform for researchers to demonstrate their expertise in identifying and exploiting vulnerabilities in automotive technologies. The successful hacks on Tesla’s EV charger and multiple other chargers underscore the need for continuous security efforts to protect against potential cyber threats in the increasingly digitized automotive landscape.