VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive - Dark Reading
![VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive - Dark Reading](/content/images/size/w1200/2025/01/img_VicOne_and_Zero_Day_Initiative_-ZDI-_to_Lead_Pwn2Own_Automotive_-_Dark_Reading.png)
The latest news on Pwn2Own Automotive 2025 and related zero-day vulnerability contests in the automotive sector does not appear to be directly covered in the provided sources. However, there are several relevant pieces of information that can be inferred from the given articles:
-
Honda Rolling-PWN Attack:
-
Cybersecurity in Police Cars:
- A project by the Virginia State Police (VSP) tested the resilience of police cars to cyber attacks, demonstrating vulnerabilities in 2012 Chevrolet Impalas and 2013 Ford Tauruses2.
- Researchers successfully hacked these vehicles, causing issues like gear shifts, engine RPM spikes, and engine shutdowns2.
-
General Cybersecurity Trends:
- There have been significant cybersecurity incidents, including a breach of the US Treasury Department by Chinese state-sponsored hackers using a compromised API key for remote IT support4.
- The incident highlights vulnerabilities in remote access tools and software supply chains, emphasizing the need for robust IT security measures and continuous monitoring4.
Key Highlights:
- Honda Vulnerability: A Rolling-PWN attack can unlock or start Honda vehicles from 2012 to 2022.
- Police Car Vulnerability: State police cars in Virginia are vulnerable to cyber attacks, requiring physical tampering for exploitation.
- General Cybersecurity: Recent breaches highlight the importance of secure remote access tools and software supply chains.
Detailed Context:
- The Rolling-PWN attack on Honda vehicles is a specific vulnerability that affects a wide range of models. It exploits a flaw in the rolling codes mechanism used in remote keyless entry systems, allowing attackers to resynchronize the counter and reuse previous commands to unlock or start vehicles1.
- The Virginia State Police's project on testing police car resilience to cyber attacks demonstrates the potential for significant disruptions, including gear shifts and engine control issues, which can be caused by hacking into connected vehicles2.
- The breach of the US Treasury Department by Chinese hackers underscores the risk of nation-state sponsored cyber attacks targeting sensitive information and highlights the need for robust cybersecurity measures, including secure remote access tools and vigilant monitoring4.
Trustworthy Citations:
- 1 Security Affairs: "Experts show how to unlock several Honda models via Rolling-PWN attack."
- 2 Security Affairs: "US state police cars are vulnerable to cyberattack."
- 4 ITPro: "Chinese threat actors breached the US Treasury in 'major incident'."
These sources provide comprehensive information on recent cybersecurity incidents and vulnerabilities in automotive systems, highlighting the importance of continuous security updates and robust IT measures.