Trend Micro’s Zero Day Initiative (ZDI) has announced the results from the first day of the Pwn2Own Automotive 2025 hacking contest taking place this week in Tokyo alongside the Automotive World conference.
On the first day of Pwn2Own Automotive 2025, participants earned a total of $382,750 for 16 unique zero-day vulnerabilities affecting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems.
The biggest rewards — $50,000 each — were given out for exploits targeting Autel and Ubiquiti EV chargers. A Phoenix Contact charging controller exploit earned $41,750 and a ChargePoint charger exploit earned $47,500. Other Autel and Phoenix Contact charger exploits were rewarded with $25,000 each.
An exploit targeting Automotive Grade Linux, which included a previously known vulnerability, earned participants $33,500.
$20,000 were earned by Pwn2Own participants who hacked Alpine, Kenwood and Sony in-vehicle infotainment products.
Nearly two dozen more attempts are scheduled for the next two days at Pwn2Own Automotive 2025. They will target chargers and infotainment systems.
There will be no attempts to target a Tesla vehicle, for which the organizers had been prepared to reward participants with a car and up to $500,000 in cash for an autopilot exploit.
At last year’s Pwn2Own Automotive, participants earned a total of $1.3 million for exploits targeting Teslas, EV chargers and infotainment systems.
Related: Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities
Related: Over $1 Million Paid Out at Pwn2Own Ireland 2024
Related: Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland
