Researchers Awarded Over  Million in Pwn2Own Hacking Competition

At Pwn2Own Automotive 2024 Day 2, researchers were rewarded over $1 million for exploiting Tesla infotainment systems, Sony, Alphine players, Autel charging systems, and much more.

On the first day, a prize of $722,500 was given to researchers for 24 distinct 0 days. The Synacktiv Team completed their 3 zero-day vulnerabilities on the Tesla Modem and received $100,000.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

The summary for Day 2 of Pwn2Own Automotive 2024 is provided below.

Pwn2Own Day 2

Using a 3-bug chain, the PHP Hooligans and Midnight Blue team exploited the Phoenix Contact CHARX SEC-3100. They get six Master of Pwn Points and $30,000.

The Tesla Infotainment System was attacked by the Synacktiv team using a 2-bug chain. They get ten Master of Pwn Points in addition to $100,000.

Using a 2-bug chain, NCC Group EDG was able to defeat the Alpine Halo9 iLX-F509. They receive 4 Master of Pwn Points and $20,000.

Synacktiv exploited Automotive Grade Linux by using a 3-bug chain. They get 5 Master of Pwn Points and $35,000.

Le Tran Hai Tung attacked the Alpine Halo9 iLX-F509 with a 2-bug chain. He gains four Master of Pwn Points and $20,000. exploited the ChargePoint Home Flex with a two-bug chain. They get six Master of Pwn Points and $30,000.

The Midnight Blue / PHP Hooligans team exploited the Autel MaxiCharger AC Wallbox Commercial using a stack-based buffer overflow. They get six Master of Pwn Points and $30,000.

With a stack-based buffer overflow, RET2 Systems exploited the JuiceBox 40 Smart EV Charging Station. They get six Master of Pwn Points and $30,000.

Thus far this week, researchers have been granted over $1,000,000 in prizes (¥150 million!).

You can view the detailed itinerary of the highly competitive contest by following this link. Additionally, for your reference, a comprehensive rundown of the Pwn2Own Automotive 2024 Day 2 outcomes can be found here. If you are looking for information on a specific day, you can easily access it using this link.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.