Tesla infotainment system hacked at Pwn2Own Automotive 2026

As reported by Bleeping Computer, security researchers demonstrated significant vulnerabilities at the Pwn2Own Automotive 2026 competition, successfully hacking into Tesla's infotainment system and other automotive components. The event, held in Tokyo, Japan, saw hackers exploit zero-day flaws to secure substantial cash prizes.

During the first day of Pwn2Own Automotive 2026, security teams earned a total of $516,500 by exploiting 37 zero-day vulnerabilities. The Synacktiv Team secured $35,000 for compromising the Tesla Infotainment System by chaining an information leak and an out-of-bounds write flaw to achieve root permissions via a USB attack. They also earned an additional $20,000 for hacking a Sony XAV-9500ES receiver. Other notable successes included Fuzzware.io, who collected $118,000 for exploiting charging stations and navigation receivers, and PetoWorks, awarded $50,000 for gaining root access on a Phoenix Contact charging controller. Team DDOS also won $72,500 for hacking multiple EV charging stations.

The Pwn2Own Automotive 2026 competition highlights ongoing security challenges in connected vehicles and EV charging infrastructure. Vendors have a 90-day window to address the disclosed zero-day vulnerabilities before public disclosure.

Source: Bleeping Computer