Trend Micro's HostPwn2Own competition successfully hacks Automobile IV, electric vehicle chargers, and additional targets
At the 2025 edition of Automotive World, VicOne and Trend Micro co-hosted the Pwn2Own Automotive, a zero-day vulnerability discovery contest that attracted cybersecurity experts from 13 countries. The event, which took place at Automotive World in Tokyo from January 22 to 24, aimed to identify and mitigate risks in the rapidly evolving automotive industry.
The competition revealed the increasing vulnerability of connected vehicles, with 49 zero-day vulnerabilities discovered across various systems, including in-vehicle infotainment (IVI) systems and electric vehicle (EV) chargers. These findings underscored the need for robust security measures as the automotive industry transitions towards software-defined vehicles (SDVs), artificial intelligence, and over-the-air (OTA) updates, expanding the attack surface for cyber threats.
In 2024, cyberattacks on the automotive industry caused damages exceeding $22 billion, with $20 billion stemming from data breaches and personal information leaks. Suppliers and dealers bore the brunt of these attacks, highlighting the need for comprehensive security solutions across the supply chain.
VicOne addressed this challenge by introducing an advanced cybersecurity solution at the event. This innovation expands the capabilities of Panasonic Automotive Systems’ VERZEUSE® for Virtualization Extensions Type-3, integrating VicOne’s xCarbon vehicle security software. The solution monitors and protects inter-container communications within next-generation vehicle cockpit systems, particularly on Automotive Grade Linux (AGL) reference platforms.
The solution operates the monitoring function within an isolated container (secure area), detecting and blocking suspicious communications. This protective measure safeguards critical vehicle functions from cyberattacks, meeting security requirements by efficiently detecting and preventing attacks that exploit container communication channels, a common vulnerability vector in virtualized automotive environments.
VicOne's broader automotive cybersecurity portfolio supports the entire vehicle lifecycle, assisting OEMs and Tier 1 suppliers with risk identification, compliance with regulations, mitigation of zero-day vulnerabilities, and secure innovation of AI-powered cockpits and EV charging systems.
Sina Kheirkhah of Summoning Team was crowned the Master of Pwn for 2025, demonstrating the importance of such events in fostering cybersecurity innovation in the automotive sector. VicOne's 2025 annual report predicts that the number of automotive-related vulnerabilities nearly doubled from 2019, reaching 530 reported cases in 2024. Initiatives like Pwn2Own Automotive are crucial for identifying and mitigating these risks in the evolving automotive industry.
In summary, VicOne's latest solutions focus on embedding advanced intrusion detection and prevention capabilities into virtualized vehicle architectures, enhancing multilayered protection of connected vehicles against sophisticated cyber threats revealed by increasing software complexity and connectivity.
- In the rapidly evolving automotive industry, where software-defined vehicles, artificial intelligence, and over-the-air updates are transforming traditional vehicles, the need for robust cybersecurity measures is paramount.
- Given that cyberattacks on the automotive industry caused damages exceeding $22 billion in 2024, primarily from data breaches and personal information leaks, it is essential to have comprehensive security solutions across the supply chain.
- At the 2025 edition of Automotive World, VicOne introduced an advanced cybersecurity solution that integrates with Panasonic Automotive Systems’ VERZEUSE® for Virtualization Extensions Type-3, providing protection for inter-container communications within next-generation vehicle cockpit systems.
- Initiatives like Pwn2Own Automotive, which identifies and mitigates risks in the automotive industry, are crucial for the evolving industry as the number of reported automotive-related vulnerabilities nearly doubled from 2019, reaching 530 cases in 2024.
