VicOne, an automotive cybersecurity solutions leader, announced that it co-hosted with Trend Micro the world’s largest zero-day vulnerability discovery contest, Pwn2Own Automotive 2025, at Automotive World, which took place Jan. 22-24 in Tokyo. Top-tier security researchers performed real-world testing on cutting-edge automotive technologies, all within Trend Micro’s proven Zero Day Initiative (ZDI) platform, the world’s largest vendor-agnostic bug bounty program.
Pwn2Own Automotive is an annual competition designed to uncover and rectify vulnerabilities in technologies for connected cars. Automotive cybersecurity researchers from 13 countries came together on a global stage to discover 49 unique zero-day vulnerabilities across systems such as in-vehicle infotainment (IVI) systems and electric vehicle (EV) chargers. Sina Kheirkhah of Summoning Team was crowned the Pwn2Own Automotive 2025 Master of Pwn.
“As SDVs (software-defined vehicles) reshape the automotive industry, cybersecurity becomes critical to ensuring their safety and reliability,” said Max Cheng, chief executive officer of VicOne. “Platforms like Pwn2Own Automotive are instrumental to uncovering zero-day vulnerabilities and mitigating risks before they can escalate. By supporting initiatives like this, the industry can proactively strengthen vehicle security, paving the way for safer and more resilient advancements in mobility.”
The automotive industry is evolving with innovations such as SDVs, advanced driver-assistance systems (ADAS) and integration of artificial intelligence (AI). These developments promise enhanced functionality and efficiency but also introduce cybersecurity challenges, including risks from generative AI, supply-chain vulnerabilities and over-the-air (OTA) updates.
こちらもお読みください: チューリング社、大規模AI向けの視覚データ圧縮技術を開発
According to the forthcoming VicOne 2025 annual report, the total count of automotive-related vulnerabilities (“CVEs”) published in 2024 reached 530 vulnerabilities, another annual gain and just two short of twice as many as in 2019. The sharp rise in vulnerabilities highlights the rapid growth in both the automotive attack surface and automotive systems.
Cyberattacks in 2024 caused damages exceeding $22 billion, with $20 billion attributed to data breaches and personal information leaks, the VicOne annual report will show. Key areas impacted in 2024 included the automobile industry’s suppliers and dealers, who collectively account for the majority of targeted attacks.
Other insights in the report, which is to be released publicly available at vicone.com:
- The automotive industry must adopt a security-first approach, integrating robust defenses, regulatory compliance and collaborative innovations to mitigate risks and secure the future of mobility.
- Supply-chain vulnerabilities will likely dominate cybersecurity events moving forward, with an increase in ransomware and OTA exploitations.
- Emerging threats include AI manipulation, cloud-based attacks and sensor data manipulation in autonomous systems.
At Automotive World 2025, the world’s leading event for advanced automotive technologies convening more than 1,800 companies, VicOne showcased a range of its innovative solutions built from the ground up to protect the connected-car ecosystem:
- xZETA, which offers robust capabilities for tackling software bill of materials (SBOM) and zero-day vulnerabilities
- Smart Cockpit Protection, which leverages AI-driven security to safeguard automotive smart cockpits from data breaches and AI-targeted attacks
- xCarbon, which leverages edge AI processing to analyzes vehicle data in real time, enabling early detection and prevention of cyberattacks on and malfunctions in in-vehicle electronic control units (ECUs)
- xNexus, the Vehicle Security Operations Center (VSOC) support platform
- Various security-related services, including risk analysis using the threat assessment and remediation analysis (TARA) process and Penetration Testing xScope, which uses advanced techniques to identify vulnerabilities, recommends specific improvements, and provides customized reports based on client needs
The VicOne booth at Automotive World 2025 also featured the company’s collaborative initiatives with its partner companies. VicOne’s strategic partnerships include original equipment manufacturers (OEMs), hardware suppliers, semiconductor vendors, software developers and service providers.
Founded and singularly focused on spearheading innovation in vehicle cybersecurity, VicOne, the market leader of automotive cybersecurity, provides the most advanced and comprehensive solutions to the automotive industry and galvanizes collective expertise from the sector’s broadest cast of best-of-breed partners. OEMs and suppliers trust VicOne’s purpose-built solutions to stay ahead of evolving threats and safeguard vehicles, drivers and sensitive data.
ソース ビジネスワイヤー
