First Pwn2Own Automotive contest to award over $1M for car system bugs

SecurityWeek reports that more than $1 million in cash and prizes will be offered by the Zero Day Initiative for its first Pwn2Own Automotive hacking contest that will be held in Tokyo from Jan. 24 to 26, 2024. ZDI's Pwn2Own Automotive, which is aimed at the development of exploit chains for car systems, has been divided into four categories, including Tesla, electric vehicle chargers, operating systems, and in-vehicle infotainment systems. Individuals submitting exploits targeting Tesla vehicles' autopilot, gateway, or VCSEC, could receive up to $200,000, while those submitting ethernet exploits for the autopilot and gateway could be given up to $100,000, with a Tesla car also given as an additional prize in both instances. Optional add-on rewards will be also granted to those submitting CAN bus exploits. On the other hand, up to $60,000 could be given for valid exploits aimed at six different EV charging devices from Autel, ChargePoint, Emporia, JuiceBox, Phoenix Contact, and Ubiquiti, while $50,000 could be awarded for exploits aimed at the Android Automotive, Automotive Grande Linux, and BlackBerry QNX operating systems. ZDI will also be giving $40,000 for exploits targeted at IVI devices from Alpine, Pioneer, and Sony. Registration and entry submissions will be accepted until Jan. 18.