Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026
Recorded: Jan. 21, 2026, 1:03 p.m.
| Original | Summarized |
Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 News Featured Credential-stealing Chrome extensions target enterprise HR platforms Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs Jordanian pleads guilty to selling access to 50 corporate networks Ingram Micro says ransomware attack affected 42,000 people Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 This 2-in-1 ASUS Chromebook is just $150 for a few more days OpenAI's ChatGPT Atlas browser is testing actions feature Google says Gemini won’t have ads, as ChatGPT prepares to add them Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityTesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 By Sergiu Gatlan January 21, 2026 Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. Team DDOS also earned $72,500 for hacking the ChargePoint Home Flex, the Autel MaxiCharger, and the Grizzl-E Smart 40A vehicle charging station. Pwn2Own Leaderboard Day 1 (ZDI) Secrets Security Cheat Sheet: From Sprawl to Control Related Articles: Automotive Sergiu Gatlan Previous Article Post a Comment Community Rules You need to login in order to post a comment You may also like: Popular Stories Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs Ingram Micro says ransomware attack affected 42,000 people New PDFSider Windows malware deployed on Fortune 100 firm's network Sponsor Posts Identity Governance & Threat Detection in one: Get a guided tour of our platform Discover how to scale IT infrastructure reliably without adding toil or burnout. New webinar: Choose-your-own-investigation walkthrough of modern browser attacks Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
This report details the findings of the inaugural Pwn2Own Automotive 2026 competition, held in Tokyo, Japan, from January 21st to 23rd, during the Automotive World auto conference. The event focused on identifying and exploiting vulnerabilities within automotive technologies, including in-vehicle infotainment systems, electric vehicle (EV) chargers, and car operating systems (such as Automotive Grade Linux). A total of 37 zero-day vulnerabilities were successfully demonstrated, collectively resulting in $1,686,500 in cash awards distributed amongst participating teams. Several teams achieved significant wins. Synacktiv Team secured $35,000 for chaining an information leak and an out-of-bounds write flaw affecting the Tesla infotainment system, followed by a further $20,000 following exploitation of vulnerabilities in the Sony XAV-9500ES digital media receiver. Fuzzware.io collected $118,000 after exploiting vulnerabilities in an Alpitronic HYC50 Charging Station, an Autel charger, and a Kenwood DNR1007XR navigation receiver. PetoWorks earned $50,000 by chaining three zero-day bugs to gain root privileges on a Phoenix Contact CHARX SEC-3150 charging controller. DDOS secured $72,500 by exploiting vulnerabilities in the ChargePoint Home Flex, the Autel MaxiCharger, and the Grizzl-E Smart 40A vehicle charging station. The competition’s success builds upon previous Pwn2Own events, notably the 2025 contest, which yielded $886,250 across 49 zero-day vulnerabilities, with Tesla being highlighted twice. The Zero Day Initiative (ZDI), through TrendMicro, established a 90-day window for vendors to address the discovered vulnerabilities before publicly disclosing them. This aligns with established practice in the cybersecurity industry to allow manufacturers sufficient time to implement security patches. The event’s focus encompassed a variety of automotive systems, indicating a broadening scope of vulnerability assessment within the rapidly evolving landscape of connected and electric vehicles. The reported exploits demonstrate the critical need for robust security measures across these complex systems, particularly given the increasingly interconnected nature of modern vehicles. The competition’s results underscore the importance of proactive vulnerability research and responsible disclosure within the automotive sector. |