At Pwn2Own Automotive 2024 Day 2, researchers were rewarded over $1 million for exploiting Tesla infotainment systems, Sony, Alphine players, Autel charging systems, and much more.
On the first day, a prize of $722,500 was given to researchers for 24 distinct 0 days. The Synacktiv Team completed their 3 zero-day vulnerabilities on the Tesla Modem and received $100,000.
Document
Run Free ThreatScan on Your Mailbox
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
The summary for Day 2 of Pwn2Own Automotive 2024 is provided below.
That’s a wrap for Day 2 of #Pwn2Own Automotive. We’ve already awarded over $1,000,000 in prizes this week (¥150 million!) Tune back in tomorrow here or at the ZDI blog for the final day of the contest! Here are the current standings leading into the final day: pic.twitter.com/BZ5jopem9X
— Zero Day Initiative (@thezdi) January 25, 2024
Pwn2Own Day 2
Using a 3-bug chain, the PHP Hooligans and Midnight Blue team exploited the Phoenix Contact CHARX SEC-3100. They get six Master of Pwn Points and $30,000.
The Tesla Infotainment System was attacked by the Synacktiv team using a 2-bug chain. They get ten Master of Pwn Points in addition to $100,000.
Success! The @synacktiv team’s big win is confirmed: a 2-bug chain used to exploit the Tesla Infotainment earns them $100,000 and 10 Master of Pwn Points. #Pwn2Own pic.twitter.com/TWv5MXw9XR
— Zero Day Initiative (@thezdi) January 25, 2024
Using a 2-bug chain, NCC Group EDG was able to defeat the Alpine Halo9 iLX-F509. They receive 4 Master of Pwn Points and $20,000.
Synacktiv exploited Automotive Grade Linux by using a 3-bug chain. They get 5 Master of Pwn Points and $35,000.
Le Tran Hai Tung attacked the Alpine Halo9 iLX-F509 with a 2-bug chain. He gains four Master of Pwn Points and $20,000.
fuzzware.io exploited the ChargePoint Home Flex with a two-bug chain. They get six Master of Pwn Points and $30,000.
Confirmed! Tobias Scharnowski (@ScepticCtf) and Felix Buchmann of https://t.co/ELqV0E3vQ5 used a 2-bug chain in their exploit of the ChargePoint Home Flex. #Pwn2Own pic.twitter.com/DgrnwBiIAP
— Zero Day Initiative (@thezdi) January 25, 2024
The Midnight Blue / PHP Hooligans team exploited the Autel MaxiCharger AC Wallbox Commercial using a stack-based buffer overflow. They get six Master of Pwn Points and $30,000.
With a stack-based buffer overflow, RET2 Systems exploited the JuiceBox 40 Smart EV Charging Station. They get six Master of Pwn Points and $30,000.
Thus far this week, researchers have been granted over $1,000,000 in prizes (¥150 million!).
You can view the detailed itinerary of the highly competitive contest by following this link. Additionally, for your reference, a comprehensive rundown of the Pwn2Own Automotive 2024 Day 2 outcomes can be found here. If you are looking for information on a specific day, you can easily access it using this link.
