Pwn2Own Automotive 2026 - Day ... Note

Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn

Pwn2Own Automotive 2026 concluded with security researchers demonstrating 76 unique 0-day vulnerabilities, awarding over $1 million USD. The Fuzzware.io team, comprising Tobias Scharnowski, Felix Buchmann, and Kristian Covic, secured the Master of Pwn title. They earned 28 points and $215,500 USD for their exploits. Several teams targeted various automotive systems, including Alpine, Kenwood, and Sony infotainment units. Some exploits involved buffer overflows, while others utilized race conditions and incorrect permission assignments. Collisions, where vulnerabilities were already known or demonstrated by another team, occurred frequently, impacting some prize amounts. The Juurin Oy team notably demonstrated a TOCTOU bug on an Alpitronic charger, even installing the game Doom. Other successful exploits gained root access on infotainment systems and charging stations. The competition highlighted the ongoing security challenges within modern automotive technology.
CdXz5zHNQW_ZbkbtHa3th.png