Pwn2Own Automotive 2024, the first hacking contest focused on automotive technologies

Pwn2Own Automotive

The results of the first Pwn2Own Automotive event were recently announced. The contest was held over three days at the Automotive World conference in Tokyo, and a total of 49 previously unknown vulnerabilities were revealed in automotive infotainment platforms, operating systems and electric vehicle charging devices.

At Pwn2Own Automotive 2024, rewards were offered for vulnerabilities in four categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers and Operating Systems. Each category has a set of targets that the contestant selects during registration. Every entry must compromise the device and demonstrate arbitrary code execution on it.

The attacks were carried out using the latest firmware and operating systems, with all available updates and in default configuration.

The total amount paid out exceeded 1.3 million US dollars, with the Synacktiv team leading with earnings of 450 thousand dollars. Second place (fuzzware.io) received $177,500 and third place (Midnight Blue) received $80,000.

During the competition, several attacks were demonstrated, including:

  • Two hacks of an environment based on the Automotive Grade Linux distribution, rewarded with $47,500 and $35,000. Two participants withdrew their entries against the EMPORIA EV Charger Level 2 and the Automotive Grade Linux platform.
  • A hack of a Tesla car's infotainment system, rewarded with $100,000 for an exploit involving a chain of two bugs.
  • A hack of a modem used in a Tesla car, rewarded with $100,000 for an exploit involving a chain of three bugs.
  • Five hacks of an infotainment system based on the Sony XAV-AX5500 platform, rewarded with $40,000, $20,000, $20,000, $20,000 and $10,000.
  • A hack of an infotainment system based on the Pioneer DMH-WT7600NEX platform ($40,000 for an exploit involving a chain of three bugs).
  • Six hacks of an infotainment system based on the Alpine Halo9 iLX-F509 platform ($40,000 for a use-after-free exploit, $20,000 for a command substitution vulnerability, $20,000 for a buffer overflow vulnerability, $20,000 for an exploit involving a chain of two bugs, $20,000 for another exploit involving a chain of two bugs, and $10,000 for an exploit involving a chain of two bugs).
  • Two hacks of the Ubiquiti Connect EV Station charging station ($60,000 and $30,000 for exploits involving a chain of two bugs).
  • Three hacks of Phoenix Contact's CHARX SEC-3100 charging station ($60,000 for an exploit involving a chain of two bugs, $30,000 for a vulnerability caused by insufficient validation of input data, $30,000 for an exploit involving a chain of three bugs, $22,500 for an exploit involving a chain of two bugs, and $26,250 for an exploit involving a chain of four bugs).
  • A hack of the EMPORIA EV Charger Level 2 charging station ($60,000 for an exploit involving a buffer overflow).
  • Four hacks of the JuiceBox 40 Smart EV charging station ($60,000 for an exploit involving a chain of two bugs, $30,000 for a buffer overflow, $30,000 for another buffer overflow, and $15,000).
  • Seven hacks of the ChargePoint Home Flex charging station, allowing code to be run at the firmware level of the device ($60,000, $30,000, $30,000, $16,000, $16,000, $16,000 and $5,000).
  • Three hacks of the Autel MaxiCharger AC Wallbox commercial charging station ($30,000 for a stack overflow exploit, $30,000 for an exploit involving a chain of two bugs, and $22,500 for another exploit involving a chain of two bugs).
  • Ten attempts against devices from Sony, Phoenix Contact, Pioneer and Alpine, among others, which failed.

It is important to highlight that, in accordance with the terms of the contest, detailed information on all demonstrated zero-day vulnerabilities will be published only after 90 days, giving manufacturers time to prepare updates that fix them.

Finally, if you are interested in learning more, you can check the following link, where you will find more information about the activity during the three days of Pwn2Own Automotive.
