Blog

The final day of Pwn2Own Automotive saw seven (out of the scheduled nine) attempts targeting EV chargers, and the Synacktiv team cemented its lead to win the title of Master of Pwn. All in all, the three-day event awarded over US$1.3 million for 49 unique zero-day vulnerabilities.

Day 2 of Pwn2Own Automotive saw multiple multi-bug chains, with Synacktiv using a two-bug chain to attack a Tesla infotainment system and adding another US$100,000 to the team's earnings. Two days into the contest, over US$1,000,000 in prizes had already been awarded.

US$722,500 in prizes was awarded for 24 unique exploits during the first day alone of the inaugural edition of Pwn2Own Automotive, the world’s first and only event focusing on vulnerabilities in technologies for connected cars.

We examine the impact of vulnerabilities and the security implications of advancing technologies on vehicles in VicOne’s walkthrough of an API attack scenario.

We delve into two scenarios that highlight the significance of vulnerability discovery as we detail the work of researchers from Zero Day Initiative, who have identified and examined two distinct flaws in the realm of electric vehicle (EV) chargers.

As the automotive cybersecurity landscape expands beyond the confines of the cloud to include in-vehicle components and infrastructure, reliance solely on today’s cloud-based VSOC platforms might prove inadequate for ensuring robust protection. In this article, we dive into a real-world scenario to shed light on why it’s time to rethink VSOC platforms.

A recent ransomware attack on an automotive supplier is a stark reminder of the frequent and varied cyberthreats that industries face, especially those utilizing internet technologies. In this article, we explore typical scenarios in industries reliant on internet technologies and highlight the unique vulnerabilities and challenges that the automotive industry faces amid the rising tide of cyberattacks.

We highlight common vulnerabilities affecting modern connected vehicles, including those involving denial of service, hard-coded credentials, and stack overflow.

We recently explored the current state of automotive cybersecurity in the VicOne Automotive Cyberthreat Landscape Report 2023. In this blog entry, we present the automotive cybersecurity predictions and recommendations that decisions-makers in the automotive industry should be cognizant of in 2024.

In the fast-paced evolution of the automotive industry, technological innovation has become synonymous with progress. However, this era of transformation also demands an unwavering commitment to robust cybersecurity measures.

Pwn2Own Automotive specifically focuses on the increasing cyberthreats to connected cars worldwide, addressing a critical area of modern automotive security. It is the first global competition dedicated to discovering and solving connected car technology vulnerabilities.

In our annual automotive cybersecurity report, we review the past year to see how far the industry has come in its compliance journey, what challenges it has been facing, and where it can expect to find itself amid the threat landscape ahead.