Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
Synacktiv Team (
@Synacktiv) took home $100,000 after successfully chaining three zero-day bugs
to get root permissions on a Tesla Modem.
They also used two unique two-bug chains to hack a
Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station, earning an additional $120,000.
A third exploit chain targeting the
ChargePoint Home Flex EV charger was already known but still brought them $16,000 in cash, with a total of $295,000 in prizes during the first day of the contest.
Security researchers also successfully hacked multiple fully patched EV charging stations and infotainment systems, with the NCC Group EDG team taking the second place on the leaderboard after winning $70,000 for zero-days exploited to hack the
Pioneer DMH-WT7600NEX infotainment system and the
Phoenix Contact CHARX SEC-3100 EV charger.
After the zero-day bugs are exploited and reported during the Pwn2Own competition, vendors have 90 days to develop and release security fixes before TrendMicro's Zero Day Initiative publicly discloses them.
