On the second day of Pwn2Own Automotive 2026, security researchers collected $439,250 in cash awards after exploiting 29 unique zero-days.
The Pwn2Own Automotive hacking contest focuses on automotive technologies and takes place this week in Tokyo, Japan, from January 21 to January 23, during the Automotive World auto conference.
Throughout the competition, security researchers target fully patched electric vehicle (EV) chargers, in-vehicle infotainment (IVI) systems, and car operating systems (e.g., Automotive Grade Linux).
Fuzzware.io currently leads the competition's leaderboard with $213,000 earned after the first two days, and has earned another $95,000 by hacking the Phoenix Contact CHARX SEC-3150 charging controller, the ChargePoint Home Flex EV charger, and the Grizzl-E Smart 40A EV charging station.
Sina Kheirkhah of Summoning Team collected another $40,000 after rooting the Kenwood DNR1007XR navigation receiver, the ChargePoint Home Flex, and the Alpine iLX-F511 multimedia receiver.
Rob Blakely of Technical Debt Collectors and Hank Chen of InnoEdge Labs were also awarded $40,000 each after demonstrating zero-day exploit chains targeting Automotive Grade Linux and the Alpitronic HYC50 charging station.
After the first two days of the contest, security researchers have earned $955,750 in cash awards after exploiting 66 zero-day vulnerabilities.
Pwn2Own Automotive Day 2 leaderboard (ZDI)
On the third day of Pwn2Own, the Grizzl-E Smart 40A will be targeted again by Slow Horses of Qrious Secure and the PetoWorks team, while the Juurin Oy team will go after the Alpitronic HYC50, and Ryo Kato will attempt to exploit the Autel MaxiCharger.
On the first day, Synacktiv Team earned $35,000 after successfully chaining an information leak and an out‑of‑bounds write flaw to obtain root permissions on the Tesla Infotainment System via a USB-based attack and an additional $20,000 cash award for chaining three zero-day flaws to gain root-level code execution on the Sony XAV-9500ES digital media receiver.
... continue reading