Day two of the Zero Day Initiative’s Pwn2Own Automotive hacking contest has come to an end, with participants earning a total of over $300,000 for exploits targeting infotainment systems, EV chargers, and a Tesla.
Pwn2Own Automotive is taking place these days alongside the Automotive World conference in Tokyo, Japan. The total paid out to participants in the first two days of the event totals more than $1 million, ZDI announced.
The Synacktiv team is in the lead, earning $430,000 for their exploits. Nearly half of the amount was earned for exploits targeting Tesla cars. On the first day, the researchers got $100,000 for hacking the Tesla modem and on the second day they received another $100,000 for hacking the Tesla infotainment system.
The same team also earned $35,000 for hacking Automotive Grade Linux in the operating system category using a three-bug exploit chain.
The other prizes earned on the second day are smaller. Phoenix Contact, ChargePoint, Autel and JuiceBox EV charger exploits earned $30,000 each.
Prizes of $20,000 were awarded to participants for Alpine infotainment system hacks and a partially successful Autel EV charger exploit.
Bounties ranging between $10,000 and $15,000 were awarded for partially successful EV charger and infotainment exploits. These exploits involved vulnerabilities that were previously known.
For the last day of Pwn2Own Automotive, there are seven EV charger and two infotainment system hacking attempts scheduled.
This is the first edition of the automotive-focused Pwn2Own. ZDI shared some interesting details about the event with SecurityWeek in October.