Pwn2Own Automotive is scheduled for Jan. 24-26, 2024, at Automotive World in Tokyo. Participants will compete for more than $1 million in cash and prizes in the contest drawing on VicOne’s uncommon understanding of vehicular systems and the associated digital infrastructure, plus Trend Micro Incorporated’s proven Zero Day Initiative (ZDI) platform, the world’s largest vendor-agnostic bug bounty program.
“Pwn2Own Automotive would not exist without VicOne,” said Brian Gorenc, vice president of threat research at Trend Micro Incorporated. “VicOne provides expertise and well-founded insights in terms of the true attack surface and threats for specific connected-car components, and then how we can potentially expose that information to security researchers for them to make meaningful progress on addressing them. VicOne’s unmatched experience in this space is key for our credibility with the automotive industry in demonstrating that we are doing real research against real problems—as opposed to stunt hacking of limited business value.”
Pwn2Own Automotive participants will compete in four categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers and Operating Systems. A successful entry must leverage a newly discovered vulnerability to modify the standard execution path of a connected-car program or process, in order to allow the execution of arbitrary instructions. The vulnerabilities utilized in the attack must be previously unknown, unpublished and/or unreported. ChargePoint, a leading provider of networked solutions for charging electric vehicles, will provide hardware to the Pwn2Own Automotive facility. VicOne engineers will work onsite at Pwn2Own Automotive to help prepare targets, evaluate entries and carry out the disclosure process so that remediations can begin quickly and applied to real-world products.
“We are thrilled to have Tesla as title sponsor for Pwn2Own Automotive, hosted by VicOne and Trend Micro’s ZDI,” said Max Cheng, chief executive officer of VicOne. “Through this program with ZDI, VicOne is leading vulnerability discovery ahead of the future attacks on connected cars. Activities like this one are crucial for preparing the global automotive industry to anticipate and gird for the evolving threat landscape.”
Contest registration is due Jan. 18, 2024, and requires submission of a white paper detailing the exploit chain and the entry’s run instructions. Remote participation is available. Full Pwn2Own Automotive rules are available at www.zerodayinitiative.com/Pwn2OwnAuto2024Rules.html.
VicOne at Auto-ISAC Cybersecurity Summit
Underscoring its leadership in automotive cybersecurity, VicOne, a strategic partner of Auto-ISAC, is showcasing the latest solutions for automotive original equipment manufacturers (OEMs) and Tier 1 suppliers in Booth 19 at the 2023 Auto-ISAC Cybersecurity Summit, October 17-18 in Torrance, California. During the event, on Wednesday, October 18 at 9:40–10:25 AM PDT, Niraj Kaushik VicOne’s Managing Director for North America is hosting a panel on “Rethinking VSOC: Vehicle Cybersecurity Lifecycle Management – Is It Enough?” with guest speakers:
- Saritha Auti, CISO, UD Trucks
- Ravi Puvvala, Advisory Board Member, Fleet Defender, and Auto-ISAC Board of Directors Member
- Brandon Barry, CEO, Block Harbor
- Max Cheng, CEO, VicOne
“The Auto-ISAC welcomes the active role of VicOne in our 7th Annual Cybersecurity Summit, our biggest event of the year which draws cyber experts from around the globe,” said Faye Francy, Executive Director of the Auto-ISAC. “VicOne provides cybersecurity solutions that support a vehicle’s whole life cycle, as well as vast network operations, so their knowledge and expertise is important to our community focusing on connected, autonomous, shared and electrified security through presentations and panels.”