Trend Micro’s Zero Day Initiative (ZDI) has announced the return of the Pwn2Own Automotive cybersecurity competition to Tokyo, which took place from January 24-26, 2024. The event, co-located with the Automotive World conference, marked the second installment of the specialized hacking contest, focusing on the security of the connected vehicle ecosystem. A prize pool of over $1,000,000 in cash and prizes was made available to security researchers who successfully demonstrated zero-day exploits against a range of automotive targets.

The competition was organized with the goal of encouraging research into the automotive security space and helping to harden the ecosystem against cyber threats. The event featured sponsorships from industry leaders including Tesla and ChargePoint.

Expanded Scope: EV Chargers and In-Vehicle Infotainment

A significant addition to the 2024 event was the expansion of the Electric Vehicle (EV) Chargers category. This new category invited researchers to find and exploit vulnerabilities in several real-world charging systems. The targets in this category included the ChargePoint Home Flex, the JuiceBox 40, the Autel MaxiCharger AC Wallbox, and the Phoenix Contact CHARX SEC-3100. A successful demonstration against one of these targets awarded the researcher $60,000.

The In-Vehicle Infotainment (IVI) category also returned, featuring targets such as the Alpine Halo9 iLX-F509 and the Pioneer DMH-WT7600NEX. Other categories included exploits against Automotive Grade Linux and the Sony a7 IV camera, which can be connected to IVI systems.

Tesla Challenge and Top Tier Payouts

The headline target for the event was a Tesla vehicle, with researchers given the opportunity to target a Tesla Model 3 or Model Y running software version 2023.32.x or newer. A multi-system exploit that achieved root persistence through the vehicle’s modem or tuner could earn a top prize of $200,000 and the car itself. Other Tesla-related challenges focused on vulnerabilities in the infotainment system and Autopilot, with various prize levels available depending on the complexity and impact of the exploit demonstrated.

This structure provided a clear incentive for security researchers to direct their expertise towards discovering and responsibly disclosing critical vulnerabilities in modern automotive technology, ultimately contributing to improved vehicle and infrastructure security for consumers.

Source: https://www.thezdi.com/blog/2025/10/16/pwn2own-automotive-returns-to-tokyo-with-expanded-chargers-and-more