Hackers at Pwn2Own Automotive 2024 won $200,000 for finding vulnerabilities in Tesla’s systems. The event awarded over $1 million to improve automotive cybersecurity. As electric vehicles grow, addressing these risks becomes even more critical.
At the Pwn2Own Automotive 2024 event, organised by Trend Micro's Zero Day Initiative, a hacker team secured a $200,000 reward for successfully identifying and exploiting vulnerabilities in a Tesla's cellular modem and infotainment system.
This competition, aimed at uncovering and addressing potential security gaps in automotive technologies before they can be exploited maliciously, awarded over $1 million in total prizes.
The event, held in Japan, saw participants challenge the security of automotive electronics, with the winning team, Synacktiv, earning a cumulative $450,000 for their expertise in breaching various car-related technologies, including charging stations and a Sony infotainment system.
The initiative emphasises the importance of cybersecurity in the automotive industry by rewarding hackers for finding flaws and ensuring these vulnerabilities are shared with manufacturers for remediation, thereby enhancing the safety and reliability of automotive technologies in the face of evolving cyber threats.
There's no doubt electric vehicles come numerous advantages to their counterparts, such as lower emissions and reduced cost over time. However, the also open up new opportunities for hackers to exploit them.
As recently as 2023 Eagers Automotive, one of Australia's largest car dealership groups, was hacked. Recently they released a statement confirming the incident:
“The company can now confirm that the incident involved unauthorised access to parts of the company’s IT systems by a third party, which accessed some data from our servers”
“The disruption is primarily impacting the company’s ability to finalise transactions for certain new vehicles which have been sold and are ready for delivery, and some aspects of the company’s service and parts operations.”
Whist the incident did not directly affect electric vehicle systems, accessing a dealership's IT systems is a step too close to comfort to compromising the cars.
Several officials have already held a forum to discuss how to manage any potential vulnerabilities, especially regarding power grids and charging.
With the US looking bolster electric vehicle (EV) adoption events such as Pwn2Own become so much more important.
Japan is racing to develop "unbreakable" quantum encryption by 2030. Chinese hackers breached US wiretap systems, Japan is tackling AI deepfake scams, and China is advancing silicon photonics to evade US tech bans. The cybersecurity competition is intensifying.
Welcome back to Cyber Bites, your lunchtime digest of the latest in international cyber threats, global tech affairs, and AI developments. Stay informed on key events shaping our digital world.
The global push to regulate AI is accelerating, but without a unified framework, efforts risk stifling innovation and AI creativity while causing legal confusion.
North Korean hackers target cryptocurrency firms with fake job offers to install malware, fueling Pyongyang's weapons program. Robin Khuda's AirTrunk revolutionises AI infrastructure, valued at A$24B.
