Inaugural Pwn2Own Automotive to take place in Tokyo in January 2024
Trend Micro Incorporated, a global cybersecurity company, is delighted to announce one of the world's leading carmakers as its key sponsor for the first-ever Pwn2Own Automotive event, where participants will compete for one million in cash prizes and cars. Vijendra Katiyar, Country Manager for India and SAARC at Trend Micro: "Pwn2Own is a key pillar in Trend's Zero Day Initiative (ZDI), which has been helping us discover new vulnerabilities in consumer, industrial, and emerging technology for years. We're delighted to welcome Tesla as title sponsor as we redouble our efforts to expand our influence in the field of automotive cybersecurity."
Pwn2Own Automotive, co-hosted by ZDI and VicOne, a subsidiary of Trend Micro specializing in automotive security, is the first contest to focus exclusively on connected cars. The collaboration of VicOne's deep-rooted understanding of security in the vehicle ecosystem, combined with ZDI's platform to address these challenges head-on, is a synergy between auto cybersecurity and threat hunting.
The goals are to encourage more security research into this ecosystem, incentivize vendors to participate in the community, and raise awareness of modern vehicles' multiple, complex sub-components.
Tesla has worked with Trend Micro and Pwn2Own before, where the carmaker's knowledge of the complexities of electric vehicles (EVs) helped to make Pwn2Own Vancouver a great success.
In addition, ChargePoint will be another partner of this new category of Pwn2Own, providing technical guidance and hardware support for the contest.
Last year, ZDI was responsible for discovering and publishing 1,706 new vulnerabilities. Over 1,000 unique zero-day vulnerabilities were reported through the ZDI in 2023. Among them was a new flaw in MOVEit, which Trend worked with vendors to rapidly remediate and disclose responsibly.
Trend customers benefit from 70+ days of advanced protection, made possible by the valuable data and insights gathered through the ZDI. This advanced intelligence allows Trend to stay one step ahead of potential threats.
For January's event, more than one million dollars are available in cash and prizes, including Tesla cars. There will be four categories:
Tesla: First introduced in Pwn2Own Vancouver 2019, this category will enable contestants to compete to win cash prizes of up to $200,000 and their own vehicle. Contestants can register an entry against a Tesla Model 3/Y (Ryzen-based) or Tesla Model S/X (Ryzen-based) equivalent benchtop unit.
In-Vehicle Infotainment (IVI): These systems connect with our phones and provide Navigation, in-car internet, and Wi-Fi, as well as connectivity to other vehicle systems through the CAN bus, making them a popular target for hackers. There will be three IVI devices to target.
Electric vehicle chargers: EV chargers historically haven't received much attention from the hacking community. Yet attack surfaces such as mobile apps, Bluetooth Low Energy (BLE) connections, and the OCPP protocol could all allow threat actors to cause harm to an EV. There will be six EV charger models to target in the competition.
Operating systems: Participants will race to exploit vulnerabilities in Automotive Grade Linux, Blackberry QNX, and Android Automotive OS.
Pwn2Own is a key part of Trend's ZDI, which has paid over $30 million since 2007—incentivizing researchers to find vulnerabilities in various technology products.
Those unable to participate in person at Pwn2Own Automotive can do so remotely. Register before the contest deadline (January 18, 2024) and submit a detailed white paper explaining your exploit chain and instructions on how to run the entry by the end of the registration period. We recommend contacting us at least two weeks prior to the deadline at the very latest.