The Pwn2Own Automotive 2025 hacking contest has ended with safety researchers amassing $886,250 after exploiting 49 zero-days.
All through the occasion, they focused automotive software program and merchandise, together with electrical car (EV) chargers, automobile working programs (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) programs.
Based on the Pwn2Own Tokyo 2025 contest guidelines, all units focused ran the most recent working system variations and had all safety updates put in.
Whereas Tesla additionally offered a Mannequin 3/Y (Ryzen-based) equal benchtop unit, safety researchers who joined the competitors have solely registered makes an attempt towards the corporate’s Wall Connector charger.
The opponents collected $382,750 in money awards after demoing 16 distinctive zero-days on the primary day and one other $335,500 on the second day after exploiting 23 extra zero-day vulnerabilities and hacking Tesla’s EV charger twice. On the third day of Pwn2Own, they collected one other $168,000 for 10 extra zero-days.
After the zero days are demoed and reported throughout Pwn2Own occasions, distributors have 90 days to launch safety patches earlier than TrendMicro’s Zero Day Initiative publicly discloses them.
Summoning Workforce’s Sina Kheirkhah gained this 12 months’s version of Pwn2Own Automotive 2025 with 30.5 Grasp of Pwn factors, and $222,250 in money awards gained after hacking the a number of EV chargers and In-Automobile Infotainment (IVI) programs.
Synacktiv took second place with $147,500, PHP Hooligans earned $110,000, fuzzware.io will go house with $68,750, and Viettel Cyber Safety collected $53,750 for the zero-day exploits demoed throughout the three days of the competitors.
The outcomes for every problem on Pwn2Own Automotive 2025’s final day and the ultimate outcomes could be discovered right here.
Throughout the primary version of Pwn2Own Automotive in January 2024, safety researchers earned $1,323,750 for demonstrating 49 zero-day bugs in a number of electrical automobile programs and hacking a Tesla automobile twice.
Two months later, throughout the Pwn2Own Vancouver 2024 competitors, ZDI awarded one other $1,132,500 for 29 zero-day bugs. Synacktiv went house with $200,000 and a Tesla Mannequin 3 after hacking its ECU with Automobile (VEH) CAN BUS Management in below 30 seconds.