Zero Day Initiative | Blog
Follow
From Pwn2Own Automotive: Taking Over the Autel Maxicharger
Two vulnerabilities in Autel Maxicharger firmware (v1.32) were disclosed by Synacktiv researchers at Pwn2Own Automotive 2024: a Bluetooth-based RCE and a Wi-Fi backdoor. Autel responded with firmware update v1.35 before public disclosure. The first vulnerability involved a buffer overflow due to unrestricted client message length in the Bluetooth charging control function, which was fixed by adding a length check. The second vulnerability exploited a backdoor in the Wi-Fi authentication function with hard-coded credentials, which was removed in v1.35. Both vulnerabilities were identified through reverse engineering using Ghidra and comparing firmware versions. Autel's prompt patching demonstrates their commitment to security. EV charger security is crucial as they become widely deployed, and Pwn2Own Automotive 2025 will assess vendor improvements.