The PCAutomotive Team (@PC_Automotive) successfully targeted the Alpine Halo9 iLX-F509. Results will be confirmed in the disclosure room. #Pwn2Own

That’s a wrap for Day 1 of #Pwn2Own Automotive! We awarded $722,500 in prizes for 24 unique exploits. Tune back in tomorrow here or at the ZDI blog for more updates! Here are the current standings:

It was an exciting competition and a really fun vuln to exploit. Many thanks to Trend Zero Day Initiative and especially to Piotr Bazydło for assistance and smooth disclosure process. Looking forward to the next event!

Yay, 0-click RCE vuln I used on Pwn2Own is finally published! More details coming soon

The talk was accepted and the slides are already in progress. See you guys in Paris!

Yesterday at Black Hat Europe 2024 our team revealed critical vulnerabilities in Volkswagen Group MIB3 infotainment system (e.g., Skoda Superb III 2022). Learn more and download the presentation: pcautomotive.com/black-hat-euro…

Confirmed! The PCAutomotive team chained 3 different bugs (a heap overflow, an auth bypass, and an improper isolation bug) to exploit the Sony XAV-AX8500 with 0 clicks. Their 3rd round win nets them $10,000 and 2 Master of Pwn points. #P2OAuto

As a result of #P2OAuto 2025 we achieved 2 full wins in IVI category (Alpine, Sony) and 1 collision in Tesla Wall Connector with a successful protocol manipulation add-on. Extremely proud of my team, and the work we’ve done!

It’s been a while but I’m glad these findings are finally published. Thank you for sharing!

9eb2151212eff4a11acde24978e10576f3bef8e5e639ad274a559e401dcbd81c

a75618cc839807a9c0c2308b9c2a320d075ed4d7398476ce6a9d176605596642

Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet At Black Hat Asia, radu motspan and I presented proof that attackers can remotely pwn your vehicle using only 3 stack bof 😱 Including control of a steering wheel! 🚘 i.blackhat.com/Asia-25/Asia-2…

[POC2025] SPEAKER UPDATE 3⃣ 👤 Mikhail Evdokimov(konata) - "PerfektBlue: Universal 1-click Exploit to Pwn Automotive Industry - Mercedes-Benz, Volkswagen, Skoda and Others" #POC2025

PerfektBlue: A critical exploitation chain over Bluetooth to PWN multiple automotive vendors at once. Recently I released details about this sophisticated attack on #POC2025 and #codeblue2025, along with a table of potentially vulnerable devices konatabrk.github.io/perfektblue