As connected cars become more advanced, so do the cyberthreats that exploit flaws and weaknesses in their systems. The automotive industry must therefore shift to the next gear and boost its cybersecurity stance in order to stay ahead of attacks.
To that end, VicOne is driving Pwn2Own Automotive, the only event of its kind in the world to focus on vulnerabilities in technologies for connected cars.
VicOne brings attention to the ever-expanding connected car attack surface, thereby highlighting the urgency of fortifying the industry against emerging and evolving threats.
VicOne emphasizes the importance of safeguarding the complex components and technologies that make up the modern connected vehicle, paving the way for more robust and resilient cybersecurity protection.
VicOne goes beyond vulnerability disclosures by forging strategic connections and collaborations among security researchers and automotive stakeholders, in a community where groundbreaking discoveries are duly recognized and acted upon.
Drawing on VicOne’s exceptional automotive foresight and threat intelligence, and on Trend Micro’s proven Zero Day Initiative (ZDI) bug bounty program, Pwn2Own Automotive offers participants more than US$1 million in cash and prizes, with Tesla as the title sponsor.
Join us on this platform where security researchers and automotive stakeholders come together!
(organized by RX Japan)
January 22 – 24, 2025
Tokyo Big Sight, Japan
Activities like this one are crucial for preparing
the global automotive industry to anticipate and gird for the evolving threat
landscape.
Max Cheng Chief Executive Officer of VicOne
VicOne's unmatched experience in this space is key for our credibility with the automotive industry in demonstrating that we are doing real research against real problems—as opposed to stunt hacking of limited business value.
Brian Gorenc Vice President of
Threat Research at Trend Micro and
Leader of the Zero Day Initiative (ZDI)
program
We believe that it is of great significance that Pwn2Own Automotive, which will lead to increased security for connected cars and SDVs, will be held at Automotive World, where technologies that will create the future of cars and mobility will gather. We will contribute to the realization of a safer mobility society through this exhibition and event.
Masaki Soda Executive Officer, General Manager of Automotive World Secretariat, RX Japan Corporation
Pwn2Own Automotive is a one-of-its-kind event dedicated to uncovering and rectifying vulnerabilities in technologies for connected cars. It is co-hosted by VicOne and Trend Micro’s Zero Day Initiative (ZDI), with Tesla as the title sponsor. As its name suggests, Pwn2Own Automotive is an automotive-focused offshoot of Pwn2Own. Effectively turning potential future threats into a cybersecurity challenge, Pwn2Own is an ethical hacking competition that invites participants to find hidden, hard-to-detect system vulnerabilities.
Ethical hacking is a practice where skilled cybersecurity experts, known as ethical hackers, use their expertise to identify vulnerabilities and weaknesses in systems. Pwn2Own Automotive provides a platform for ethical hackers to apply their skills in a controlled environment, contributing to the advancement of automotive cybersecurity. It invites security researchers to showcase their ethical hacking skills and gain global recognition in a community where groundbreaking discoveries are celebrated and acted upon. It also bridges the gap between ethical hacking experts and industry leaders by enabling security researchers and automotive stakeholders to forge strategic connections and collaborations.
Date: January 22 – 24, 2025
Location: Automotive World, Tokyo Big Sight, Japan
Pwn2Own Automotive: Contestant registration for Pwn2Own Automotive 2025 is open until January 16, 2025. Interested participants can submit a white paper detailing their ethical hacking exploit chain and run instructions to pwn2own@trendmicro.com. For more information, read the complete set of Pwn2Own Automotive rules here.
Automotive World: Visitor registration for Automotive World, where Pwn2Own Automotive will be held, is available here.
Visa requirements: Visa requirements for entering Japan vary by nationality. Consult the Japanese government’s guide for detailed information. For specific queries, contact your nearest Japanese diplomatic mission. Note that the event organizers do not provide visa application support.
Hotel reservations: For accommodation, contestants and visitors alike are advised to book independently. The Odaiba/Ariake areas are popular for their proximity to the event venue.
Venue access: Detailed transport and access information for the event venue can be found here.
Additional travel guidance is available on Automotive World’s FAQ page and in the official Tokyo travel guide.
Categories: Pwn2Own Automotive 2025 has four categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems. Each category has a set of targets that can be selected by the contestant during the registration process. All entries must compromise the device and demonstrate arbitrary code execution on the device.
Cash and prizes: More than US$1 million in cash and prizes will be awarded for vulnerabilities and exploitation techniques against the targets in the categories. The first contestant to successfully compromise a target within the selected category will win the prize amount allocated for that specific target. Pwn2Own Automotive 2025 will also crown a Master of Pwn, signifying the overall winner of the competition.
For more information, read the complete set of Pwn2Own Automotive 2025 rules here.
Pwn2Own Automotive works to encourage reporting of zero-day vulnerabilities to automotive vendors, by collaborating with both researchers and vendors to ensure responsible disclosure and rewarding researchers for their efforts. This approach helps disrupt the cybercriminal underground market and keep vulnerabilities away from potential exploiters, allowing vendors to rectify them before they become public knowledge.
Pwn2Own Automotive extends beyond vulnerability disclosures, leveraging VicOne’s automotive foresight and Trend Micro’s proven Zero Day Initiative (ZDI) bug bounty program. Join us in Tokyo in January 2025 to be part of this unique event driving the industry toward robust and resilient cybersecurity protection.
