VicOne, a prominent provider of automotive cybersecurity solutions, has revealed its plans to organize the “Pwn2Own Automotive 2025” zero-day vulnerability discovery competition in collaboration with Zero Day Initiative (ZDI). The event is scheduled to take place from January 22 to January 24, 2025, at Tokyo Big Sight, West Hall, as part of the 17th AUTOMOTIVE WORLD 2025 – Advanced Automotive Technology Expo. This initiative marks the second edition of the Pwn2Own Automotive contest after its successful debut in January 2024, where a total of 49 zero-day vulnerabilities were uncovered.
The primary objective of Pwn2Own Automotive is to bolster automotive cybersecurity by identifying and addressing zero-day vulnerabilities, thereby mitigating potential cyber threats associated with the increasing use of software-defined vehicles (SDVs). By allowing top-tier security researchers to conduct real-world testing of cutting-edge automotive technologies, the contest aims to proactively detect and neutralize vulnerabilities before they can be exploited for malicious purposes.
Furthermore, the competition serves as a platform to incentivize innovation within the cybersecurity domain by recognizing the achievements of participants and offering substantial monetary rewards totaling over $1 million USD. This not only encourages further research and development in cybersecurity but also provides valuable hands-on experience to cultivate talent within the industry, ultimately contributing to an enhanced global cybersecurity landscape.
Participants in the “Pwn2Own Automotive 2025” competition will compete in four key categories: In-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and other specified targets, demonstrating their ability to execute arbitrary code on the designated devices or operating systems. Contestants are allowed up to three attempts per target, with successful challenges earning them points. The participant or team with the highest points at the end of the contest will be awarded the prestigious title of “Master of Pwn.”
To qualify for the competition, vulnerabilities targeted by participants must be previously unknown, undisclosed, and unreported, as per the contest rules defined by ZDI. The first participant to successfully complete a challenge in each category will be eligible for a monetary reward, with the order of challenges being randomly determined through a draw.
Brian Gorenc, VP of Threat Research at VicOne’s parent company, Trend Micro, emphasized the significance of this collaboration, stating that the contest underscores their commitment to addressing real-world cybersecurity threats in the automotive sector. Max Cheng, CEO of VicOne, highlighted the role of such events in uncovering critical vulnerabilities and promoting early risk identification and mitigation within the automotive industry, attributing them as vital components in securing the future of software-defined vehicles (SDVs).
With the registration deadline set for January 16, 2025, interested participants are required to submit a detailed white paper outlining their vulnerability testing procedures and execution methods to complete the registration process. Remote participation online is also an option for those unable to attend in person.
In addition to the Pwn2Own Automotive competition, VicOne will be presenting its award-winning cybersecurity software and services portfolio at the Las Vegas Consumer Electronics Show (CES) alongside partners like P3 digital services. The focus will be on providing a secure IVI environment for Android Automotive OS, ensuring content protection for drivers and passengers alike.
For more information about VicOne’s automotive cybersecurity offerings and registration details for the Pwn2Own Automotive 2025 contest, interested parties can visit the official website at https://www.vicone.com/.
In conclusion, VicOne’s dedication to advancing automotive cybersecurity through initiatives like Pwn2Own Automotive underscores the importance of proactive cybersecurity measures in safeguarding the future of software-defined vehicles and the automotive industry at large. Through collaboration with industry-leading partners and fostering innovation in security research, VicOne continues to play a pivotal role in shaping a safer and more secure automotive landscape.