Automotive
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025
The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all […]
Tesla EV charger hacked twice on second day of Pwn2Own Tokyo
Security researchers hacked Tesla’s Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. They also exploited 23 more zero-day vulnerabilities in WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA EV chargers, as well as in the Alpine iLX-507, Kenwood DMX958XR, Sony XAV-AX8500 In-Vehicle Infotainment […]
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. Fuzzware.io is leading the competition after hacking the Autel MaxiCharger and Phoenix Contact CHARX SEC-3150 electric vehicle chargers using a stack-based buffer overflow and an origin validation error bug. This earned them $50,000 and 10 Master […]
FTC orders GM to stop collecting and selling driver’s data
The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and selling drivers’ precise geolocation and driving behavior data from millions of vehicles. The U.S. government organization proposes a settlement in which the automotive giant will be barred from sharing drivers’ sensitive data for five years. The car […]
Allstate car insurer sued for tracking drivers without permission
Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. The two companies are accused of paying millions of dollars to app developers to embed tracking code in widely used mobile apps to gather the location […]
Ford investigates alleged breach following customer data leak
Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. The leak was announced on Sunday by threat actor ‘EnergyWeaponUser,’ also implicating the hacker ‘IntelBroker,’ who supposedly took part in the November 2024 breach. The threat actors leaked on BreachForums 44,000 […]
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s […]