Tesla Gear Gets Hacked Multiple Times in Pwn2Own Contests

The first team to successfully hack the electric vehicle maker's charger won $50,000 for their ingenuity.

Kristina Beek, Associate Editor, Dark Reading

January 23, 2025

A red Tesla Model S electric car showcased at the Brussels Motor Show
Source: VDWI Automotive via Alamy Stock Photo

Researchers at the this year's Pwn2Own Automotive hacking contest successfully hacked Tesla's wall connector electric vehicle (EV) charger.

The annual contest focuses on hacking automotive technologies during the Automotive World tradeshow in Tokyo. The contest allows researchers to target car operating systems, electric vehicles, chargers, and infotainment systems in vehicles to uncover hidden vulnerabilities and potential threats.

Zero Day Initiative said the PHP Hooligans used a "numeric range comparison without minimum check" zero-day bug to take over the EV charger and crash it. This feat earned them $50,000 in prize money and five Master of Pwn points.

Right behind them was Synacktic, which hacked the Tesla EV charger through the charging connector.

The PHP Hooligans also exploited 23 other zero-day vulnerabilities in WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA EV chargers.

On day two of the contest, Trend Micro's Zero Day Initiative paid out $718,250 in rewards to onsite security researchers who discovered 39 unique zero-days.

Sina Kheirkhah is currently leading the Pwn2Own contest with 24.5 points, followed by Synacktiv in second place, and PHP Hooligans in third.

Kristina Beek, Associate Editor, Dark Reading

President Donald Trump and Melania at the Washington National Cathedral January 21, 2025 in Washington, DC.
Threat Intelligence
Trump Fires Cyber Safety Board Investigating Salt Typhoon HackersTrump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
byBecky Bracken, Senior Editor, Dark Reading
Jan 21, 2025
2 Min Read
The letters "AI" in blue text with binary code running over top and in the background
Threat Intelligence
Employees Enter Sensitive Data Into GenAI Prompts Far Too OftenEmployees Enter Sensitive Data Into GenAI Prompts Far Too Often
byKristina Beek, Associate Editor, Dark Reading
Jan 17, 2025
5 Min Read
Biden meeting on cybersecurity with business leaders
Threat Intelligence
Biden's Cybersecurity EO Leaves Trump a Comprehensive Blueprint for DefenseBiden's Cyber EO Leaves Trump a Strong Blueprint for Defense
byBecky Bracken, Senior Editor, Dark Reading
Jan 16, 2025
7 Min Read
