Press Release

VicOne and Zero Day Initiative (ZDI) to lead Pwn2Own Automotive 2025

At "Pwn2Own Automotive 2025" in Tokyo, top global security researchers will compete to discover zero-day vulnerabilities in connected cars and automotive devices

Press Release, 11 December 2024

VicOne, a leading automotive cybersecurity solutions provider, announced today it will co-host the zero-day vulnerability discovery contest, “Pwn2Own Automotive 2025,” with Zero Day Initiative (ZDI). The event will take place from Wednesday, January 22 to Friday, January 24, 2025, at Tokyo Big Sight, West Hall, as part of the “17th AUTOMOTIVE WORLD 2025 – Advanced Automotive Technology Expo.” This will be the second Pwn2Own Automotive contest, following its highly successful debut in January 2024 where 49 zero-day vulnerabilities were discovered.

Pwn2Own Automotive helps build a foundation for automotive cybersecurity by strengthening cybersecurity measures and promoting the prevention of cyber incidents through the discovery of zero-day vulnerabilities. This event addresses growing concerns about vulnerabilities and increased attack risks with the growing adoption of software-defined vehicles (SDVs).

Through ZDI, the contest enables world-class security researchers to conduct real-world testing of the latest automotive technologies. By identifying zero-day vulnerabilities before they can circulate and become real-world cyber-attacks, the event facilitates swift countermeasures, helping prevent cyber threats and enhancing the overall security of automotive vehicles and products.

Additionally, the contest fosters innovation by recognizing the achievements of security researchers and offering over $1 million USD in total prizes. This incentivizes further research and development while providing hands-on experience that nurtures talent in the cybersecurity industry, ultimately contributing to an improved global cybersecurity landscape.

About Pwn2Own 2025 Automotive

Participants in “Pwn2Own Automotive 2025” will compete by earning points in four categories:

  • Tesla
  • In-vehicle infotainment (IVI) systems
  • Electric vehicle (EV) chargers, and
  • Operating systems (OS)

Each contestant must demonstrate the ability to execute arbitrary code on the target devices or OS in their chosen category. They are allowed up to three attempts per target during the contest. Successful challenges earn points, and the participant or team with the highest points at the end of the contest is awarded the prestigious title of “Master of Pwn.”

To qualify, the vulnerabilities targeted must be previously unknown, undisclosed, and unreported (according to the contest rules). Only the first participant to successfully complete a challenge in each category is eligible for a monetary reward. The order of the challenges is determined randomly through a draw.

“Through ZDI, we conduct research to address real-world cyberattack scenarios in the automotive sector. Hosting this contest in collaboration with VicOne, who has unmatched expertise and experience in automotive cybersecurity, is a key step in demonstrating our security research expertise within the automotive industry and the research community,” said Brian Gorenc, VP of Threat Research at VicOne’s parent company, Trend Micro.

“Together with ZDI, VicOne is contributing to building a safer future for software-defined vehicles (SDVs). By discovering zero-day vulnerabilities, this event enables security researchers to uncover unknown, unpublished, and unreported vulnerabilities, facilitating early risk identification and mitigation within the automotive industry. Such efforts are critically important for the global automotive sector, especially as the evolution of SDVs accelerates,” said Max Cheng, CEO of VicOne.
