Blog

We discuss the two vulnerabilities discovered in the Phoenix Contact CHARX SEC-3100 EV charging controller at Pwn2Own Automotive 2024, highlighting their impact and possible mitigations.

As the automotive industry accelerates toward AI-driven, software-defined vehicles, the need for smarter, more efficient cybersecurity has never been greater. VicOne’s innovative xCarbon Edge AI transforms vehicles into proactive defenders, reducing costs, enhancing efficiency, and safeguarding drivers from emerging cyberthreats.

The final day of Pwn2Own Automotive 2025 saw eight unique zero-day vulnerabilities, bringing the total haul for the three-day event to 49. Finishing with 30.5 “Pwn points,” Sina Kheirkhah was crowned this year’s Master of Pwn.

Day two of Pwn2Own Automotive 2025 was a “Tesla EV charger kind of day,” with four Tesla Wall Connectors targeted. The day closed with an impressive haul of 23 unique zero-day vulnerabilities, surpassing the 16 uncovered on day one.

A total of 16 unique zero-day vulnerabilities were discovered on day one of Pwn2Own Automotive 2025, the world’s largest zero-day vulnerability discovery contest focused on connected cars and software-defined vehicles.

We examine the NCC Group’s two-bug chain during Pwn2Own Automotive 2024, which enabled the team to play Doom on the Alpine Halo9 iLX-F509 IVI system. We underscore the more serious implications once attackers gain root access and recommend countermeasures to mitigate the risks.

SDVs are reshaping mobility, but innovation brings risks. Our 2024 cybersecurity analysis and review of the past decade reveal key challenges and industry responses to safeguard safety and trust.

We examine a zero-click remote code execution (RCE) vulnerability in Tesla’s tire pressure monitoring system (TPMS), uncovered by Synacktiv researchers at Pwn2Own Vancouver 2024, and highlight its implications for connected vehicle security.

VicOne and our partners will showcase how we secure the evolving automotive ecosystem at CES 2025, the global stage for breakthrough technologies and innovations.

The Pwn2Own Automotive 2024 competition uncovered a critical zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.

Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.

The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.