Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

ZDI offers over $1 million in cash and prizes at the next Pwn2Own Automotive hacking contest, set for January 2025 in Tokyo.

Ethical hackers can earn over $1 million in cash and prizes at Pwn2Own Automotive 2025, the second installment of a Pwn2Own hacking contest focused on car systems, Trend Micro’s Zero Day Initiative (ZDI) announced this week.

The same as this year’s Pwn2Own Automotive, next year’s competition will be held in Tokyo, Japan, at the Automotive World conference, which is scheduled for January 22-24, 2025.

“Altogether, we have more than $1,000,000 USD in cash and prizes available, and we can’t wait to see what researchers bring to demonstrate in Tokyo,” ZDI said.

Four categories are planned for next year’s competition, namely Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems.

In addition to being offered the chance to hack a Tesla vehicle and earn it as a prize, contestants will be able to target the company’s wall charger, ZDI revealed.

Ethical hackers looking to drive away with a Tesla car will have to compete in categories where the vehicle is included, which include vulnerabilities in diagnostics and infotainment ethernet systems, the electronic control unit (ECU), and the autopilot system.

The highest prize amount offered in the Tesla category is of $500,000, available to contestants who can demonstrate remote, unconfined root access to a car’s autopilot.

“If you are going to participate in this category, please notify us at least two weeks before the event so we can source the hardware in time for the contest. And please read the rules thoroughly if you’re going after one of the bigger prizes,” ZDI notes.

Advertisement. Scroll to continue reading.

Those competing in the IVI systems category will be able to hack Sony, Alpine, Pioneer, and Kenwood devices and can earn up to $20,000 for working exploits.

Seven wall charging devices will be available for hacking at the contest, with prizes of up to $50,000 offered for every one of them. Bonuses will be offered for gaining code execution on the charger and manipulating the protocol and/or signals transmitted via its connector, and for compromising the EV charger through the charging connector.

In the operating systems category, the highest prizes are of $60,000, offered for exploits targeting the Android Automotive OS. BlackBerry QNX and Automotive Grade Linux (AGL) are also included in the category.

Researchers and ethical hackers interested in participating in the Pwn2Own Automotive 2025 competition can find the full set of rules on a dedicated ZDI page.

“Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at [email protected] to begin the registration process. (Email only, please; queries via social media, blog posts, or other means will not be acknowledged or answered.),” ZDI notes.

Related: $300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland

Related: Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade

Related: ZDI Announces Rules and Prizes for Pwn2Own 2022

Related: ZDI Shares “Crazy” Stories on 15-Year Anniversary

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.