Hacking competition: Pwn2Own participants crack Tesla charging station

At the Pwn2Own Automotive 2025 hacking competition in Tokyo, the participants scored many hits. In total, prize money of just over 886,000 US dollars was paid out. We can only hope that car manufacturers will release security updates as soon as possible.

After all, attacks on infotainment systems can have far-reaching consequences and, in the worst case, life-threatening consequences if attackers manipulate control systems while driving.

Hacking for greater safety

The Pwn2Own competitions are organized by Trends Micro's Zero Day initiative. The focus is on different products and devices depending on the focus. The aim is to uncover security vulnerabilities so that manufacturers can close them.

Participants receive prize money for this. The security researchers must adhere to certain rules and work under time pressure. For example, the vulnerabilities must be new and previously unknown.

Insecure vehicles

In this edition of the competition, the security researchers set their sights on infotainment systems and chargers for electric cars. The success rate was very high. The PHP Hooligans team successfully attacked Tesla's Wall Connector, for example.

It is not yet known how the attack was carried out in detail. For security reasons, such information is being withheld for the time being so that affected manufacturers have time to respond with security patches. This attack earned the team 50,000 US dollars.

The Technical Debt Collectors team also successfully attacked this charging station. However, the bug they exploited was already known. Nevertheless, they received 12,500 US dollars. The Synacktiv team successfully exploited a vulnerability in the Kennwood DMX958XR infotainment system. As proof, they ran a video of the game "Doom" on the system's screen.

In the end, the Sina Kheirkhah team won the competition and took home 222,250 US dollars.

(des)