Cart

Your Cart is Empty

Back To Shop

Cart

Your Cart is Empty

Back To Shop

Pwn2Own Automotive 2024 – Day Two Results

Welcome to Day Two of the first ever Pwn2Own Automotive. We awarded $722,500 yesterday for 24 unique 0-days. Today’s attempts promise to be just as exciting, with another Tesla attempt at 1300 Japan Standard Time (GMT +9). As always, we’ll be updating this blog with results as we have them.


BUG COLLISION – Team Tortuga successfully used a 2-bug chain against the ChargePoint Home Flex. However, the exploit used was previously known. They still earn $!5,000 and 3 Master of Pwn Points.

SUCCESS – The Midnight Blue / PHP Hooligans team used a 3-bug chain to exploit the Phoenix Contact CHARX SEC-3100. They earn $30,000 and 6 Master of Pwn Points.

BUG COLLISION – Computest Sector 7 successfully executed their attack against the JuiceBox 40 Smart EV Charging Station. However, the bug they used was previously known. They still earn $15,000 and 3 Master of Pwn Points.

FAILURE – Sina Kheirkhah was not able to get his exploit of the Autel MaxiCharger AC Wallbox Commercial working in the time allotted.

SUCCESS – The Synacktiv team used a 2-bug chain to attack the Tesla Infotainment System. They earn $100,000 and 10 Master of Pwn Points.

SUCCESS – NCC Group EDG successfully used a 2-bug chain against the Alpine Halo9 iLX-F509. They earn $20,000 and 4 Master of Pwn Points.

FAILURE – PCAutomotive’s attempt to exploit the JuiceBox 40 Smart EV Charging Station was unsuccessful.

BUG COLLISION – Katsuhiko Sato successfully executed his attack against the Sony XAV-AX5500. However, the bug he used was previously known. He still earns $10,000 and 2 Master of Pwn Points.

SUCCESS – Synacktiv used a 3-bug chain to exploit Automotive Grade Linux. They earn $35,000 and 5 Master of Pwn Points.

SUCCESS – Le Tran Hai Tung used a 2-bug chain against the Alpine Halo9 iLX-F509. He earns $20,000 and 4 Master of Pwn Points.

WITHDRAWN – Sina Kheirkhah withdrew his entry against the EMPORIA EV Charger Level 2. Penalty: -3 Master of Pwn Points.

WITHDRAWN – Team Cluck withdrew their entry against Automotive Grade Linux. Penalty: -2.5 Master of Pwn Points.

SUCCESS / BUG COLLISION – Computest Sector 7’s 2-bug chain against the Autel MaxiCharger AC Wallbox Commercial was a success. However, one of the bugs used was previously known. They still earn $22,500 and 4.5 Master of Pwn Points.

FAILURE – Sina Kheirkhah was not able to get his exploit of the Alpine Halo9 iLX-F509 working in the time allotted.

FAILURE – Alex Olson was not able to get his exploit of the Phoenix Contact CHARX SEC-3100 working in the time allotted.

SUCCESS – fuzzware.io used a 2-bug chain to exploit the ChargePoint Home Flex. They earn $30,000 and 6 Master of Pwn Points.

SUCCESS – The Midnight Blue / PHP Hooligans team used a stack-based buffer overflow to exploit the Autel MaxiCharger AC Wallbox Commercial. They earn $30,000 and 6 Master of Pwn Points.

BUG COLLISION – fuzzware.io used a 2-bug chain to successfully exploit the Alpine Halo9 iLX-F509. However, the exploits used were previously known. They still earn $10,000 and 2 Master of Pwn Points.

SUCCESS – RET2 Systems used a stack-based buffer overflow to exploit the JuiceBox 40 Smart EV Charging Station. They earn $30,000 and 6 Master of Pwn Points.

BUG COLLISION – fuzzware.io used a 2-bug chain to attack the Autel MaxiCharger AC Wallbox Commercial. However, both bugs were previously known. They still earn $15,000 and 3 Master of Pwn Points.


That’s a wrap for Day 2 of Pwn2Own Automotive. We’ve already awarded over $1,000,000 in prizes this week (¥150 million!) Tune back in tomorrow here or across social media for the final day of the contest!