Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
8 comments
·January 23, 2025nerdbeere
wffurr
This is just the first day. From reading the article, seems like they went after the easier targets first.
some_random
The wall connector definitely isn't considered as interesting as the vehicle itself, although tangentially there's been more focus on chargers lately.
xnx
This seems like great work. Are there any practical implications like being able to flash my car with Android Auto or turn of telemetry?
some_random
Actual results here: https://www.zerodayinitiative.com/blog/2025/1/21/pwn2own-aut...
Edit: Day 2 - https://www.zerodayinitiative.com/blog/2025/1/22/pwn2own-aut...
TheJoeMan
Can anyone in the industry enlighten me to the drive for putting a full OS into a vehicle charger? If you've been watching Phoenix Contact, they are going all in on marketing their EV charger controllers and such. I'm just not seeing what additional functionality they are leveraging vs. an embedded system?
loa_in_
Reminds me of the story about trains. We really need these things to get hacked, and also someone who customers of businesses that employ shady software practices, not unlike disabling trains that enter competitors' repair shop, to have a way to see through the practices and maybe pursue legal claims.
null
> While Tesla also provided a Model 3/Y (Ryzen-based) equivalent benchtop unit, contestants have only registered attempts against the company's wall connector.
Can someone provide more context on what this means? Does it imply that it’s not an interesting target, or does it mean that it’s well-tested and secure?