Security researchers hacked the Tesla infotainment system and demoed 24 extra zero-days on the second day of the Pwn2Own Automotive 2024 hacking competitors.
Synacktiv Team (@Synacktiv) took house $100,000 after chaining two zero-day bugs for a sandbox escape to hack the Tesla Infotainment System.
They additionally used a three-chain zero-day exploit to hack the Automotive Grade Linux working system for a further $35,000.
On the primary day of Pwn2Own Automotive 2024, Synacktiv additionally collected one other $295,000 after getting root on a Tesla Modem and hacking Ubiquiti Connect EV and JuiceBox 40 Smart EV Charging Stations utilizing three chains, exploiting a complete of seven zero-days.
Throughout the second day, rivals demoed 24 distinctive bugs and earned $382,500, totaling 48 zero-days and $1,101,500 for the reason that begin of the competitors.
After the Pwn2Own competitors ends, distributors have 90 days to launch safety fixes earlier than TrendMicro’s Zero Day Initiative publicly discloses the zero-days.
The Pwn2Own Automotive 2024 hacking contest takes place in Tokyo, Japan, in the course of the Automotive World auto convention from January 24 to January 26, specializing in automotive applied sciences.
During the competition, the hackers goal electrical car (EV) chargers, infotainment programs, and automobile working programs, together with Automotive Grade Linux, Android Automotive OS, and BlackBerry QNX.
They’ll additionally assault Tesla Model 3/Y (Ryzen-based) and Tesla Model S/X (Ryzen-based) items, together with the in-vehicle infotainment (IVI) and modem programs, each already hacked in the course of the first two days of the match.
The prime prize that may be earned is $200,000 in money and a Tesla automobile for VCSEC, gateway, or autopilot zero-day vulnerabilities.
The full schedule of this yr’s automotive hacking contest is right here, whereas the total schedule for the second day and the outcomes for every problem can be found right here.
Security researchers additionally earned $1,035,000 and a Tesla Model 3 automobile in the course of the Pwn2Own Vancouver 2023 competitors in March after demonstrating a complete of 27 zero-days and a number of other bug collisions.