Pwn2Own Automotive 2025 and Electric Vehicle Security Vulnerabilities
Pwn2Own Automotive 2025
The latest news from the Pwn2Own Automotive 2025 hacking contest, held in Tokyo alongside the Automotive World conference, highlights significant vulnerabilities in various automotive and electric vehicle (EV) systems.
- On the first day of the contest, participants earned a total of $382,750 for exploiting 16 unique zero-day vulnerabilities. These vulnerabilities affected infotainment systems, EV chargers, and automotive operating systems [1].
- Notably, the biggest rewards were given for exploits targeting EV chargers. Participants earned $50,000 each for exploits on Autel and Ubiquiti EV chargers, $47,500 for a ChargePoint charger exploit, and $41,750 for a Phoenix Contact charging controller exploit. Other exploits on Autel and Phoenix Contact chargers were rewarded with $25,000 each [1].
Tesla and Pwn2Own
- Unlike previous years, there were no attempts to target Tesla vehicles at Pwn2Own Automotive 2025. The organizers had prepared significant rewards, including a car and up to $500,000 in cash, for an autopilot exploit, but no such attempts were made [1].
Electric Vehicle Security Vulnerabilities
- The contest underscored the vulnerability of EV chargers and infotainment systems. For instance, exploits targeting Automotive Grade Linux, which included a previously known vulnerability, earned participants $33,500. Additionally, $20,000 was earned for hacking Alpine, Kenwood, and Sony in-vehicle infotainment products [1].
Regulatory Developments
In parallel to these hacking contests, regulatory bodies are also addressing security concerns in the automotive sector:
- The U.S. Department of Commerce has finalized restrictions on connected vehicles (CVs) involving hardware and software linked to China and Russia. The Final Rule, set to take effect on March 17, 2025, prohibits the import and sale of CVs containing certain vehicle connectivity systems (VCS) hardware or software, or automated driving software (ADS), if these components are designed, developed, manufactured, or supplied by persons linked to China or Russia [2].
Future Implications
- The Pwn2Own Automotive 2025 results and the new regulatory framework emphasize the critical need for enhanced security measures in the automotive industry, particularly for EV chargers and connected vehicle systems.
- The contest and regulatory actions highlight the ongoing efforts to identify and mitigate vulnerabilities in automotive technology, ensuring better security and compliance standards for the industry.
For more detailed information, you can refer to the original sources: