VicOne joins Trend Micro’s Zero Day Initiative in staging first-of-its-kind contest offering cash and
prizes of more than $1 million
DALLAS and TOKYO, October 17, 2023—VicOne, an automotive cybersecurity solutions leader, today announced it is co-hosting the first-ever Pwn2Own Automotive 2024 contest, the world’s only event of its kind to focus on uncovering and rectifying vulnerabilities in technologies for connected cars. Tesla is Pwn2Own Automotive’s title sponsor.
Pwn2Own Automotive is scheduled for Jan. 24-26, 2024, at Automotive World in Tokyo. Participants will compete for more than $1 million in cash and prizes in the contest drawing on VicOne’s uncommon understanding of vehicular systems and the associated digital infrastructure, plus Trend Micro Incorporated’s proven Zero Day Initiative (ZDI) platform, the world’s largest vendor-agnostic bug bounty program.
"Pwn2Own Automotive would not exist without VicOne,” said Brian Gorenc, vice president of threat research at Trend Micro Incorporated. “VicOne provides expertise and well-founded insights in terms of the true attack surface and threats for specific connected-car components, and then how we can potentially expose that information to security researchers for them to make meaningful progress on addressing them. VicOne’s unmatched experience in this space is key for our credibility with the automotive industry in demonstrating that we are doing real research against real problems—as opposed to stunt hacking of limited business value.”
Pwn2Own Automotive participants will compete in four categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers and Operating Systems. A successful entry must leverage a newly discovered vulnerability to modify the standard execution path of a connected-car program or process, in order to allow the execution of arbitrary instructions. The vulnerabilities utilized in the attack must be previously unknown, unpublished and/or unreported. ChargePoint, a leading provider of networked solutions for charging electric vehicles, will provide hardware to the Pwn2Own Automotive facility. VicOne engineers will work onsite at Pwn2Own Automotive to help prepare targets, evaluate entries and carry out the disclosure process so that remediations can begin quickly and applied to real-world products.
“We are thrilled to have Tesla as title sponsor for Pwn2Own Automotive, hosted by VicOne and Trend Micro’s ZDI,” said Max Cheng, chief executive officer of VicOne. “Through this program with ZDI, VicOne is leading vulnerability discovery ahead of the future attacks on connected cars. Activities like this one are crucial for preparing the global automotive industry to anticipate and gird for the evolving threat landscape.”
Contest registration is due Jan. 18, 2024, and requires submission of a white paper detailing the exploit chain and the entry’s run instructions. Remote participation is available. Full Pwn2Own Automotive rules are available at www.zerodayinitiative.com/Pwn2OwnAuto2024Rules.html.
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro's 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit vicone.com.
Media Contact
Myla Pilao
myla_pilao@vicone.com
