As the automotive industry races into the era of software-defined vehicles (SDVs), the cyberthreats that exploit flaws and weaknesses in their complex systems have also evolved. The industry must therefore shift to the next gear and boost its cybersecurity stance to stay ahead of attacks.

To that end, VicOne is once again driving Pwn2Own Automotive, the world’s largest zero-day vulnerability discovery contest focused on connected cars and software-defined vehicles (SDVs).

Join us on this platform where security researchers and automotive stakeholders come together!

Pwn2Own Automotive


(organized by RX Japan)
January 22 – 24, 2025
Tokyo Big Sight, Japan

Days
Hours
Minutes
Seconds
RULES AND TARGETS
Contest Schedule
Coming Soon
REGISTER NOW
For Security Researchers

Pwn2Own Automotive Cybersecurity Challenge 2025

Elevating Automotive Cybersecurity Through Zero-Day Vulnerability Discovery

Accelerating Automotive Zero-Day Vulnerability Discovery

Accelerating Automotive Zero-Day Vulnerability Discovery

VicOne brings attention to the ever-expanding connected car attack surface, thereby highlighting the urgency of fortifying the industry against emerging and evolving threats.

Spotlighting the Connected Vehicle’s Systems and Digital Infrastructure

Spotlighting the Connected Vehicle’s Systems and Digital Infrastructure

VicOne emphasizes the importance of safeguarding the complex components and technologies that make up the modern connected vehicle, paving the way for more robust and resilient cybersecurity protection.

Bridging the Gap Between Industry Leaders and Shakers

Bridging the Gap Between Industry Leaders and Shakers

VicOne goes beyond vulnerability disclosures by forging strategic connections and collaborations among security researchers and automotive stakeholders, in a community where groundbreaking discoveries are duly recognized and acted upon.

Drawing on VicOne’s exceptional automotive foresight and threat intelligence, and on Trend Micro’s proven Zero Day Initiative (ZDI) bug bounty program, Pwn2Own Automotive offers participants more than US$1 million in cash and prizes, with Tesla as the title sponsor.

VicOne Secures the Future of Mobility

by Helping Automotive Manufacturers and Suppliers Identify and Rectify Vulnerabilities

Pwn2Own Automotive Categories

Tesla

In-Vehicle Infotainment (IVI)

Electric Vehicle Chargers

Operating Systems
Max Cheng

By discovering zero-day vulnerabilities, this event enables security researchers to uncover unknown, unpublished, and unreported vulnerabilities, facilitating early risk identification and mitigation within the automotive industry. landscape.

Max Cheng Chief Executive Officer of VicOne

Brian Gorenc

Hosting this contest in collaboration with VicOne, who has unmatched expertise and experience in automotive cybersecurity, is a key step in demonstrating our security research expertise within the automotive industry and the research community.

Brian Gorenc Vice President of Threat Research at Trend Micro and
Leader of the Zero Day Initiative (ZDI) program

Masaki Soda

We believe that it is of great significance that Pwn2Own Automotive, which will lead to increased security for connected cars and SDVs, will be held at Automotive World, where technologies that will create the future of cars and mobility will gather. We will contribute to the realization of a safer mobility society through this exhibition and event.

Masaki Soda Executive Officer, General Manager of Automotive World Secretariat, RX Japan Corporation

1
2
3

Gain Insights Into Automotive Vulnerabilities from VicOne

Get Updates on Pwn2Own Automotive

FAQs



What is Pwn2Own Automotive?

Pwn2Own Automotive is a one-of-its-kind event dedicated to uncovering and rectifying vulnerabilities in technologies for connected cars and software-defined vehicles (SDVs). It is co-hosted by VicOne and Trend Micro’s Zero Day Initiative (ZDI), with Tesla as the title sponsor. As its name suggests, Pwn2Own Automotive is an automotive-focused offshoot of Pwn2Own. Effectively turning potential future threats into a cybersecurity challenge, Pwn2Own is a contest that invites participants to discover zero-day vulnerabilities.

When and where will Pwn2Own Automotive 2025 be held?

Date: January 22 – 24, 2025

Location: Automotive World, Tokyo Big Sight, Japan

How do I register?

Pwn2Own Automotive: Contestant registration for Pwn2Own Automotive 2025 is open until January 16, 2025. Interested participants can submit a white paper detailing their exploit chain and run instructions to pwn2own@trendmicro.com. For more information, read the complete set of Pwn2Own Automotive rules here.

Automotive World: Visitor registration for Automotive World, where Pwn2Own Automotive will be held, is available here.

What are the travel requirements?

Visa requirements: Visa requirements for entering Japan vary by nationality. Consult the Japanese government’s guide for detailed information. For specific queries, contact your nearest Japanese diplomatic mission. Note that the event organizers do not provide visa application support.

Hotel reservations: For accommodation, contestants and visitors alike are advised to book independently. The Odaiba/Ariake areas are popular for their proximity to the event venue.

Venue access: Detailed transport and access information for the event venue can be found here.

Additional travel guidance is available on Automotive World’s FAQ page and in the official Tokyo travel guide.

What are the Pwn2Own Automotive 2025 contest categories and prizes?

Categories: Pwn2Own Automotive 2025 has four categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems. Each category has a set of targets that can be selected by the contestant during the registration process. All entries must perform a security challenge on the device and demonstrate arbitrary code execution on the device.

Cash and prizes: More than US$1 million in cash and prizes will be awarded for vulnerabilities and exploitation techniques against the targets in the categories. The first contestant to successfully perform a security challenge on a target within the selected category will win the prize amount allocated for that specific target. Pwn2Own Automotive 2025 will also crown a Master of Pwn, signifying the overall winner of the contest.

For more information, read the complete set of Pwn2Own Automotive 2025 rules here.

Why does Pwn2Own Automotive matter?

Pwn2Own Automotive is a contest where the world’s top-level security researchers gather to discover vulnerabilities in the latest automotive technologies. Supporting Pwn2Own Automotive contributes to building a comprehensive risk management system in the SDV era.

  • Preparing for the SDV era
    As software increasingly controls vehicle functions, concerns about vulnerabilities and risks grow. Pwn2Own Automotive strengthens security through zero-day vulnerability discovery and incident prevention, laying the foundation for future vehicle security.
  • Improving product safety and reducing risk
    By testing the latest automotive technologies in real-world environments, Pwn2Own Automotive uncovers zero-day vulnerabilities early — before they reach underground markets. This proactive approach prevents cyberattacks, enhances product security, and minimizes risks.
  • Raising industrywide security awareness and building a cooperative framework
    By promoting cybersecurity awareness across the automotive industry and fostering collaboration, Pwn2Own Automotive aims to elevate cybersecurity standards and realize a safer automotive ecosystem.
  • Advancing security research and developing talent
    By recognizing and rewarding researchers for finding vulnerabilities, Pwn2Own Automotive cultivates skilled cybersecurity professionals. This hands-on experience in a real-world setting bolsters the industry’s overall security capabilities.

Join us in Tokyo in January 2025 for this unique event that propels the automotive industry toward robust and resilient cybersecurity.

RULES AND TARGETS
Contest Schedule
Coming Soon
REGISTER NOW
For Security Researchers