World's largest white-hacking competition in the automotive sector

The world's largest white-hacking competition, "Pwn2Own Automotive 2025", will take place at the Tokyo Big Sight Event Center from January 22 to 24, 2025. It is a competition for top ethical hackers and cybersecurity experts to research and fix previously unknown cybersecurity vulnerabilities ("zero-day discovery") in the automotive sector.

Following the highly successful premiere in January 2024, in which 49 previously unknown cybersecurity vulnerabilities (zero-day vulnerabilities) were discovered and reported to the respective manufacturers, the second edition of the "Pwn2Own Automotive" competition has now been announced. The event helps to lay a foundation for future cybersecurity in the automotive industry by strengthening cybersecurity measures and promoting the prevention of cyber incidents through the discovery of zero-day vulnerabilities. This addresses the growing threat of cybersecurity vulnerabilities and increased attack risks associated with the introduction of software-defined vehicles (SDVs) and software-controlled vehicle functions.

Competition awards prizes for uncovering security vulnerabilities

By leveraging the ZDI platform, the competition enables leading cybersecurity experts to test and attack the latest automotive technologies in real-world conditions. By identifying zero-day vulnerabilities before they circulate on the black market and can be used for criminal purposes, the event enables vehicle manufacturers and suppliers to take rapid countermeasures that help prevent cyberattacks and improve the overall security of automotive products.

In addition, the competition encourages innovation by recognizing the achievements of cybersecurity researchers or white hackers and awarding prizes totaling over $1 million for the discovery of new vulnerabilities. This incentivizes further research and development while providing hands-on experience that develops talent in the cybersecurity industry and ultimately contributes to an improved global cybersecurity landscape.

Up to three hacking attempts are allowed per target

Participants (research teams) in the “Pwn2Own Automotive 2025” competition will earn points in four separate categories: Tesla, in-vehicle infotainment systems (IVI), electric vehicle (EV) chargers and operating systems (OS).

Each participant must prove that they are able to execute arbitrary code on the target devices or operating systems provided in their chosen category. During the competition, up to three hacking attempts per target system are allowed. Points are awarded for successful attack attempts, and the participant or team with the most points at the end of the competition receives the prestigious title of "Master of Pwn".

To be considered for the competition, the cyber vulnerabilities attacked must have been previously unknown, unpublished and/or unreported. Any deviation from these criteria may result in a lower prize. Only the first participant to successfully complete a cyber attack in each category is entitled to a cash prize. The order of the tasks is randomly determined by a drawing of lots.

Cyber-secure future for software-defined automobiles

"At Trend ZDI, we conduct research on cyber-secure vehicles and deal with real-world attack scenarios in the automotive sector. Conducting this competition in collaboration with VicOne, who has extensive expertise and experience in cybersecurity in the automotive industry, is an important step in demonstrating our expertise in security research within the automotive industry and research community," said Brian Gorenc, Vice President of Threat Research at Trend Micro and responsible for the ZDI program.

VicOne's CEO Max Cheng explains: "Through this competition launched in conjunction with ZDI, VicOne is helping to create a more cyber-secure future for software-defined vehicles (SDVs). By discovering zero-day vulnerabilities, this event enables security researchers or white hackers to publicize unknown, unpublished and previously unreported cybersecurity vulnerabilities, facilitating early risk detection and mitigation in the automotive industry. Such efforts are critical for the global automotive sector, especially as the development of SDVs advances at an ever-increasing pace."

About Pwn2Own Automotive 2025:

Date and time: January 22nd to January 24th, 2025
Venue: Tokyo Big Sight West Hall – As part of the 17th AUTOMOTIVE WORLD 2025

More at VicOne.com

About VicOne

With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne's solutions are specifically designed to meet the stringent requirements of automotive manufacturers and suppliers and the specific needs of modern vehicles.

