Ethical hackers can earn over $1 million in cash and prizes at Pwn2Own Automotive 2025, the second installment of a Pwn2Own hacking contest focused on car systems, Trend Micro’s Zero Day Initiative (ZDI) announced this week.
The same as this year’s Pwn2Own Automotive, next year’s competition will be held in Tokyo, Japan, at the Automotive World conference, which is scheduled for January 22-24, 2025.
“Altogether, we have more than $1,000,000 USD in cash and prizes available, and we can’t wait to see what researchers bring to demonstrate in Tokyo,” ZDI said.
Four categories are planned for next year’s competition, namely Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems.
In addition to being offered the chance to hack a Tesla vehicle and earn it as a prize, contestants will be able to target the company’s wall charger, ZDI revealed.
Ethical hackers looking to drive away with a Tesla car will have to compete in categories where the vehicle is included, which include vulnerabilities in diagnostics and infotainment ethernet systems, the electronic control unit (ECU), and the autopilot system.
The highest prize amount offered in the Tesla category is of $500,000, available to contestants who can demonstrate remote, unconfined root access to a car’s autopilot.
“If you are going to participate in this category, please notify us at least two weeks before the event so we can source the hardware in time for the contest. And please read the rules thoroughly if you’re going after one of the bigger prizes,” ZDI notes.
Those competing in the IVI systems category will be able to hack Sony, Alpine, Pioneer, and Kenwood devices and can earn up to $20,000 for working exploits.
Seven wall charging devices will be available for hacking at the contest, with prizes of up to $50,000 offered for every one of them. Bonuses will be offered for gaining code execution on the charger and manipulating the protocol and/or signals transmitted via its connector, and for compromising the EV charger through the charging connector.
In the operating systems category, the highest prizes are of $60,000, offered for exploits targeting the Android Automotive OS. BlackBerry QNX and Automotive Grade Linux (AGL) are also included in the category.
Researchers and ethical hackers interested in participating in the Pwn2Own Automotive 2025 competition can find the full set of rules on a dedicated ZDI page.
“Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at pwn2own@trendmicro.com to begin the registration process. (Email only, please; queries via social media, blog posts, or other means will not be acknowledged or answered.),” ZDI notes.
Related: $300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland
Related: Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
