The French from Synacktiv are once again raiding the Pwn2Own hacking competition. After winning more than half of the financial prize pool last year, the experts of this penetration testing specialist once again distinguished themselves in the new variant of this competition, Pwn2Own Automotive, in Tokyo, dedicated to searching for vulnerabilities in connected vehicles.
The latter in fact succeeded in taking control of devices during eight hacking demonstrations. More precisely, they concerned four takeovers of electric vehicle chargers, two Teslas, and two hacks targeting intelligent car radio type equipment and an automobile operating system.
Tesla Vehicles
Like last year, it was the successful computer attacks against Tesla vehicles, targeting the infotainment system and a modem that brought big profits to Synacktiv in the competition.
In Vancouver, in 2023, the company left with a Tesla Model 3. The year before, it had already successfully exploited a flaw on a model from this manufacturer.
In total, the company won 50 points and $450,000 in prizes in Tokyo, far ahead of Fuzzware.io (25 points and $177,500) and Midnight Blue (16 points and $80,000 in prizes). A total of $1.3 million, rewarding the discovery of 49 computer vulnerabilities, was distributed by the Zero Day Initiative, an organization supported by cybersecurity publisher Trend Micro.
Technical challenge
Sponsored by manufacturers in the sector, the hacking competition allows manufacturers to test the security of their products with specialists. This technical challenge “also gives us the opportunity to measure ourselves against other professionals in the field,” comments David Berard, cybersecurity researcher at Synacktiv.
It also allows the company to gain visibility, particularly when the technical details of the attacks are then shared during conferences.
Based in Paris, the company says it has more than 150 IT security experts and more than 200 clients.