Full Report
Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. [...]
Analysis Summary
# Incident Report: Pwn2Own Tokyo Tesla EV Charger Exploitations
## Executive Summary
During the Pwn2Own Tokyo competition, security researchers successfully exploited vulnerabilities in a Tesla EV charger on two separate occasions during the second day of the event. The exploits demonstrated remote code execution, giving control over the device's firmware and the ability to alter its behavior. The incidents, which were part of a public hacking contest, earned the researchers financial awards following successful demonstrations.
## Incident Details
- **Discovery Date:** Day 2 of Pwn2Own Tokyo (Specific date not provided in the abstract)
- **Incident Date:** Day 2 of Pwn2Own Tokyo (Specific date not provided in the abstract)
- **Affected Organization:** Tesla (Target of the successful exploits)
- **Sector:** Automotive / Energy Infrastructure
- **Geography:** Tokyo, Japan (Location of the Pwn2Own event)
## Timeline of Events
### Initial Access
- **Date/Time:** During Day 2 of Pwn2Own Tokyo
- **Vector:** Vulnerabilities within the Tesla EV charger's system (Firmware/Software components).
- **Details:** The first successful exploit achieved remote code execution. A second, separate exploit was also demonstrated successfully shortly thereafter.
### Lateral Movement
- *Not explicitly detailed in the context, as the focus was on compromising the charger unit itself.*
### Data Exfiltration/Impact
- **Impact:** Successful execution of arbitrary code on the EV charger, demonstrating control over the device's firmware. The goal was likely functional control or disruption, typical of Pwn2Own objectives, rather than traditional data exfiltration.
### Detection & Response
- **How it was discovered:** The vulnerabilities were demonstrated by researchers in a controlled, public competition setting (Pwn2Own Tokyo).
- **Response actions taken:** Tesla/the involved parties were notified of the vulnerabilities, and the winning teams were awarded prize money.
## Attack Methodology
- **Initial Access:** Exploitation of zero-day or undisclosed vulnerabilities residing in the software/firmware of the Tesla EV charger unit.
- **Persistence:** *Not detailed; focus was on successful execution during the contest.*
- **Privilege Escalation:** *Implied by the ability to control firmware, suggesting high-level access was achieved.*
- **Defense Evasion:** *Not detailed.*
- **Credential Access:** *Not applicable/detailed.*
- **Discovery:** *Not applicable (controlled environment testing).*
- **Lateral Movement:** *Not applicable/detailed.*
- **Collection:** *Not applicable/detailed.*
- **Exfiltration:** *Not applicable; focus was RCE/control.*
- **Impact:** Remote Code Execution (RCE) leading to control over the charger's operational functions.
## Impact Assessment
- **Financial:** Tesla paid prize money to the researchers who successfully demonstrated the exploits during the Pwn2Own competition.
- **Data Breach:** No indication of customer or corporate data breach. The impact was on device integrity and control.
- **Operational:** Potential for disruption of EV charging service if exploits were deployed maliciously outside the contest setting.
- **Reputational:** Minor negative impact due to public disclosure of vulnerabilities, though mitigated somewhat by the responsible disclosure nature of the Pwn2Own contest.
## Indicators of Compromise
- *Specific IOCs (IPs, domains, hashes) were not provided in the context.* The indicators would relate to the specific network traffic or binary artifacts associated with the successful RCE exploit chain.
## Response Actions
- **Containment measures:** Not applicable in a controlled contest setting; remediation work is implied to follow disclosure.
- **Eradication steps:** Implied patching/firmware update to address the root cause vulnerabilities.
- **Recovery actions:** Testing and deployment of patched firmware to the EV charger fleet.
## Lessons Learned
- **Key takeaways:** Modern IoT/connected devices, such as EV chargers, present significant attack surfaces that require rigorous, continuous security testing. Flaws leading to RCE are critical, even in ancillary infrastructure.
- **What could have been done better:** Proactive discovery and patching of these vulnerabilities before public contest disclosure would be desirable (though the expected outcome of such contests is to find them).
## Recommendations
- Implement mandatory security hardening and bug bounty programs targeting embedded systems like EV chargers.
- Increase sandboxing and segmentation between the charger's network interface and critical internal components.
- Accelerate firmware patch deployment cycles for connected infrastructure components following vulnerability discovery.