The three-day Pwn2Own Automotive 2026 competition at the Automotive World conference in Tokyo has come to a close, revealing a total of 66 previously unknown vulnerabilities in automotive infotainment platforms, operating systems, and electric vehicle charging devices. The attacks were carried out using the latest firmware and operating systems with all available updates in default configurations.
A total of 955 thousand US dollars in rewards was paid out during the competition. The top-earning team was Fuzzware.io, taking home 213 thousand US dollars. Team DDOS secured second place with $95 thousand, and Synacktiv came in third with $85 thousand.
Throughout the competition, various attacks were demonstrated, including hacking an environment based on the Automotive Grade Linux distribution, 12 hacks of the Alpine iLX-511 infotainment system, 12 hacks of the Kenwood DNR1007XR infotainment system, 4 hacks of the Sony XAV-9500ES infotainment system, and the hacking of a Tesla car’s infotainment system via a USB port.