Researchers Uncovered 24 Zero-days in Pwn2Own Automotive : Day 1

Pwn2Own 2024 Car is a various match aimed at identifying and fixing flaws in associated car technologies. Tokyo, Japan, hosts the Pwn2Own 2024 Car from January 24–26, 2024.

Tesla is the title sponsor, and VicOne and Vogue Micro’s Zero Day Initiative (ZDI) are co-hosts. Researchers compromised the Tesla modem, Sony, and Alpine Avid gamers on the first day.

Over forty five entries in all categories are expected to receive a reward of additional than USD 1,000,000 for the rationale that possibility of entries exceeded initial projections.

Pwn2Own Car 2024 Day 1

For $60,000 and six Grasp of Pwn Parts, Sina Kheirkhah became as soon as a hit in conducting his assault against the ChargePoint Home Flex.

On the Sony XAV-AX5500, Tobias Scharnowski and Felix Buchmann of fuzzware.io applied their assault for $40,000 and four Grasp of Pwn Parts.

Gary Li Wang exploited the Sony XAV-AX5500 the utilize of a stack-basically based buffer overflow. He receives four Grasp of Pwn Parts and $20,000.

The three-trojan horse chain that the Synacktiv Team gentle to assault the Tesla Modem became as soon as done. At the side of 10 Grasp of Pwn Parts, they obtain $100,000.

Synacktiv applied a 2-trojan horse chain against the JuiceBox 40 Orderly EV Charging Space. Six Grasp of Pwn Parts and $60,000 are their earnings.

Utilizing a UAF exploit, the PCAutomotive Team efficiently focused the Alpine Halo9 iLX-F509 and earned $40,000 and 4 Grasp of Pwn Parts.

Vudq16 and Q5CA applied a a hit stack-basically based buffer overflow against the Alpine Halo9 iLX-F509 from u0K++. They receive 4 Grasp of Pwn Parts and $20,000.

Katsuhiko Sato applied the deliver injection assault against the Alpine Halo9 iLX-F509. He purchased $20,000 and four Grasp of Pwn Parts attributable to this became as soon as his 2nd-spherical victory.

NCC Community EDG applied a 3-trojan horse chain against the Pioneer DMH-WT7600NEX. Along with four Grasp of Pwn Parts, they receive $40,000.

In opposition to the Phoenix Contact CHARX SEC-3100, NCC Community EDG exploited an negative enter validation. They receive six Grasp of Pwn Parts apart from to $30,000.

The Synacktiv Team attacked the Ubiquiti Connect EV Space the utilize of a 2-trojan horse chain. Six Grasp of Pwn Parts and $60,000 are their earnings.

RET2 Systems applied a 2-trojan horse chain against the Phoenix Contact CHARX SEC-3100. They regain six Grasp of Pwn Parts and $60,000.

The Sony XAV-AX5500 became as soon as the target of a stack-basically based buffer overflow applied by the PHP Hooligans / Nighttime Blue crew. As well to four Grasp of Pwn Parts, they receive $20,000.

The competitive contest’s beefy schedule can even very successfully be seen right here. Here is a total checklist of the Day 1 results for the Pwn2Own Car 2024.