home.social

#p2oauto — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #p2oauto, aggregated by home.social.

  1. Wrapping up #Pwn2Own Automotive 2026! ZDI's Brian Gorenc and @dustin_childs provide all the highlights of the event, where we awarded over $1,000,000 for 76 0-days. Fuzzware.io was awarded Master of Pwn with $215,500 in earnings. Check it out at youtu.be/FJmbDEONGWQ #P2OAuto

  2. $1,047,000 - 76 unique 0-day vulnerabilities - three days of incredible research on display. #Pwn2Own Automotive 2026 had it all: bold exploits, clever techniques, and collisions. Congrats to Fuzzware.io (@ScepticCtf, @diff_fusion, @SeTcbPrivilege), Master of Pwn with $215,500 and 28 points! #P2OAuto

  3. Collision! Ryo Kato (@Pwn4S0n1c) targeted the Autel MaxiCharger AC Elite Home 40A, demonstrating a three-bug chain but encountering one collision, still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto

  4. Verified! Nam Ha Bach and Vu Tien Hoa of the FPT NightWolf Team targeted the Alpine iLX-F511, exploiting one unique vulnerability to gain root access and earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  5. Confirmed! Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeted the Kenwood DNR1007XR, demonstrating a link-following vulnerability to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  6. Collision. Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeted the Alpine iLX-F511, demonstrating two vulnerabilities to gain root access. One collided with a previously known issue, earning $3,000 USD and 1.25 Master of Pwn points. #Pwn2Own #P2OAuto

  7. Collision! Nguyen Thanh Dat (@rewhiles) of Viettel Cyber Security (@vcslab) targeted the Kenwood DNR1007XR, demonstrating one bug but encountering a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

  8. Boom! or shall I say Doom? Game On! Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy exploit the Alpitronic HYC50 with a TOCTOU bug - and installed a playable version of Doom to boot. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OAuto

  9. Collision! Qrious Secure (@qriousec) targeted the Kenwood system, demonstrating three bugs - one n-day and two unique vulnerabilities (incorrect permission assignment and a race condition), earning $4,000 USD and 1.75 Master of Pwn points. #Pwn2Own #P2OAuto

  10. Confirmed! Viettel Cyber Security (@vcslab) targeted the Sony XAV‑9500ES, exploiting a heap‑based buffer overflow to achieve arbitrary code execution, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  11. Verified! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Alpine iLX‑F511, exploiting a stack‑based buffer overflow to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  12. Confirmed! PetoWorks (@petoworks) targeted the Grizzl-E Smart 40A, exploiting one buffer overflow bug, and earned $10,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto

  13. Collision! Team MST targeted the Kenwood DNR1007XR, demonstrating one bug but running into a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

  14. Another collision! Slow Horses of Qrious Secure (@qriousec) targeted the Grizzl-E Smart 40A but encountered two bug collisions, still earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  15. Collision! Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Alpine iLX-F511, demonstrating one vulnerability previously used by another contestant, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

  16. Day 3 of Pwn2Own Automotive 2026 is here - the final push. Bold attempts. High stakes. One last day. #Pwn2Own #P2OAuto

  17. Another Collision to close out Day 2! Hyeongseok Lee (@fluorite_pwn), Yunje Shin (@YunjeShin), Chaeeul Hyun (@yskm_Gunter), Ingyu Yang (@Mafty5275), Hoseok Kang (@cl4y419), Seungyeon Park (@vvsy46), and Wonjun Choi (@won6_choi) of BoB::Takedown targeted the Phoenix Contact CHARX SEC-3150, demonstrating three bugs, but ran into two collisions, earning $6,750 USD and 2.75 Master of Pwn points. #Pwn2Own #P2OAuto

  18. Collision! Hyeonjun Lee (@gul9ul), Younghun Kwon (@d0kk2bi), Hyeokjong Yun (@dig06161), Dohwan Kim (@neko__hat), Hanryeol Park (@hanR0724), Hyojin Lee (@meixploit), Jinyeong Yoon, and Youngmin Cho (@ZIEN0621) of ZIEN, Inc. targeted the ChargePoint Home Flex (CPH50-K), demonstrating two unique bugs (symlink following and command injection) but encountered a collision with a previous attempt - still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto

  19. Collision! Evan Grant (@stargravy) targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

  20. Verified! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the Alpine iLX-F511, exploiting two unique vulnerabilities to gain root access, earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  21. Another Collision! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Phoenix Contact CHARX SEC-3150 with the Charging Connector Protocol/Signal Manipulation add-on, demonstrating six bugs but encountering a collision, still earning $19,250 USD and 4.75 Master of Pwn points. #Pwn2Own #P2OAuto

  22. Another Collision! Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, resulting in two bug collisions and earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

  23. Another collision! PetoWorks (@petoworks) targeted the Kenwood DNR1007XR, hitting one bug collision earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

  24. Confirmed! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting two bugs to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

  25. Confirmed! Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting one command injection bug to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

  26. Verified! Synacktiv (@synacktiv) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add‑on. In Round 2, they exploited one stack‑based buffer overflow, earning $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

  27. Collision! PHP Hooligans / Midnight Blue (@midnightbluelab) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting a full collision on a two-bug chain, earning $20,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

  28. Verified! Rob Blakely of Technical Debt Collectors targeted Automotive Grade Linux, chaining three bugs - an out-of-bounds read, memory exhaustion, and a heap overflow - to earn $40,000 USD and 4 Master of Pwnpoints. #Pwn2Own #P2OAuto

  29. Confirmed! BoredPentester (@BoredPentester) targeted the Kenwood DNR1007XR, demonstrating a command injection vulnerability to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

  30. Yowza! Tobias Scharnowski, Felix Buchmann, and Kristian Covic of Fuzzware.io needed no time at all to demonstrate their exploit of the #Alpitronic HYC50 in Field Mode. My flabbers are fully gasted. They head off to the disclosure room to explain how they did it. #Pwn2Own #P2OAuto

  31. ZDI Director Brian Gorenc and #VicOne CEO Max Cheng open #Pwn2Own Automotive with traditional flair. Coming up - 3 EV changers and 2 IVIs will be put to the test. #P2OAuto

  32. Confirmed (w/ collision)! @ScepticCtf, @diff_fusion, & @SeTcbPrivilege of fuzzware.io used a 2 bug chain - including an uninitialized variable - to exploit the #WOLFBOX EV charger, but one bug was previously known. The earn $18,750 and 2 Master of Pwn points. #P2OAuto

  33. Success! No struggles today as @ScepticCtf, @diff_fusion, & @SeTcbPrivilege of fuzzware.io had no issues exploiting the #WOLFBOX EV charger. They head off to the disclosure room to provide us all the details of their work. #P2OAuto #Pwn2Own

  34. Boom! @SinSinology makes sure everyone is awake once he successfully exploited the #WOLFBOX Level 2 EV Charger. His enthusiasm and the details of his exploit are off to the disclosure room. #P2OAuto

  35. Day Two of #Pwn2Own Automotive starts soon, and the #WOLFBOX and #Tesla EV chargers are set to make their debut. Stay tuned for results! #P2OAuto

  36. Confirmed! Rob Blakely and Andres Campuzano of the Technical Debt Collectors used multiple bugs to exploit Automotive Grade Linux, but one of the bugs was previously known. They still earn $33,500 and 3.5 Master of Pwn points in the 1st #PwnOwn attempt. #P2OAuto

  37. Whew! It took two attempts but the #Synacktiv team successfully exploited the #ChargePoint EV Charger and demonstrated signal manipulation over the connector. They are off to the disclosure room to go over how they did it. #P2OAuto #Pwn2Own

  38. Whew! It took two attempts but the #Synacktiv team successfully exploited the #ChargePoint EV Charger and demonstrated signal manipulation over the connector. They are off to the disclosure room to go over how they did it. #P2OAuto #Pwn2Own