Cybersecurity researchers and bug bounty hunters earned more than $1.3 million for hacking Teslas, electric car chargers and infotainment systems in Project Zero Day's Pwn2Own automotive competition.
The first Pwn2Own Automotive event has concluded, and Trend Micro's ZDI has announced that participants were awarded a total of $1,323,750 for demonstrating 49 unique and previously unknown vulnerabilities affecting automotive products.
The Synacktiv team won the contest, taking home a total of $450,000 in prizes, including $200,000 for hacking into Tesla's modem and infotainment system - winning them $100,000 for each vulnerability.
The top prizes were awarded on the first day of Pwn2Own Automotive, when participants were awarded a total of more than $700,000 in prizes, including multiple $60,000 awards for electric car charger hacks and $40,000 for infotainment system hacks. Tesla modems were also hacked on the first day.
On the second day, the biggest reward, aside from the Tesla infotainment exploit, was $35,000 for an automotive-grade Linux exploit. The Electric Car Charger exploit won $30,000 for multiple teams.
On the third day of the campaign, a $60,000 bounty was offered for the Emporia electric vehicle charger vulnerability. There were three other EV charger vulnerabilities for which researchers earned $30,000 each.3 Attempts resulted in payments of between $20,000 and $26,000 for infotainment system and EV charger hacks.
ZDI is currently gearing up for Pwn2Own Vancouver 2024, which will be held March 20-22 in Vancouver, Canada, alongside the CanSecWest conference. The event has a prize pool of more than $1 million dollars.