"Tesla Hacked, 24 Zero-Days Demoed at Pwn2Own Automotive 2024"

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.  Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.  The team also used two unique two-bug chains to hack a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station, earning an additional $120,000.  A third exploit chain targeting the ChargePoint Home Flex EV charger was already known but still brought them $16,000 in cash, with a total of $295,000 in prizes during the first day of the contest.  NCC Group EDG team also successfully hacked multiple fully patched EV charging stations and infotainment systems, taking second place on the leaderboard after winning $70,000 for zero-days exploited to hack the Pioneer DMH-WT7600NEX infotainment system and the Phoenix Contact CHARX SEC-3100 EV charger.  After the zero-day bugs are exploited and reported during the Pwn2Own competition, vendors have 90 days to develop and release security fixes before TrendMicro's Zero Day Initiative publicly discloses them.

BleepingComputer reports: "Tesla Hacked, 24 Zero-Days Demoed at Pwn2Own Automotive 2024"