Pwn2Own Automotive – Automotive World in Tokyo. At the competition, forty-nine previously unknown (0-day) vulnerabilities were demonstrated in in-vehicle infotainment platforms, operating systems, and electric vehicle chargers. The attacks targeted the latest firmware and operating systems, with all available updates installed and in their default configuration.
Total payouts for the vulnerabilities exceeded 1.3 million US dollars ($1,323,750). The most successful team, Synacktiv, earned 450 thousand US dollars. The second-place team, Fuzzware.io, received 177.5 thousand dollars, and the third-place team, MidnightBlue, received 80 thousand dollars.
Attacks demonstrated during the competition: |
---|
Two hacks of an environment based on the Automotive Grade Linux distribution ($47,500, $35,000). |
A hack of the Tesla infotainment system ($100,000 for an exploit using a chain of two bugs). |
A hack of a modem used in Tesla cars ($100,000 for an exploit using a chain of three bugs). |
Five hacks of the infotainment system based on the Sony XAV-AX5500 platform ($40,000, $20,000, $20,000, $20,000, $10,000). |
A hack of the infotainment system based on the Pioneer DMH-WT7600NEX platform ($40,000 for an exploit using a chain of three bugs). |
Six hacks of the infotainment system based on the Alpine Halo9 ILX-F509 platform. The vulnerabilities exploited include: |
– A vulnerability caused by access to an already freed memory area (use-after-free) ($40,000). |
– A command injection vulnerability ($20,000). |
– A buffer overflow vulnerability ($ |