Participated in Pwn2Own Automotive
Demonstrated Security Vulnerabilities
IoT security startup 'Zien' announced on the 3rd that it successfully hacked a vehicle infotainment system at the global hacking competition 'Pwn2Own Automotive 2025.'
Pwn2Own is a global hacking competition hosted by the Zero Day Initiative (ZDI), aiming to identify and improve security vulnerabilities in the automotive industry. Especially as vehicles become massive devices following trends such as electrification, autonomous driving, and electronic components, public and industry interest in Pwn2Own has been growing every year. This year's event was held in Tokyo, Japan, from the 22nd to the 24th of last month.
Participants at the event demonstrated security vulnerabilities in various vehicle devices such as infotainment systems, tethering devices, and diagnostic systems. The discovered vulnerabilities are reported to manufacturers and used to improve the security of actual vehicles.
The Zien research team analyzed the head unit of Kenwood's vehicle infotainment device at the event and successfully demonstrated a command injection attack to hijack system privileges and obtain administrator rights. Specifically, using the hijacked privileges, they conducted further analysis, triggered a memory corruption within the system, and executed system control code to acquire administrator privileges.
Previously, the Zien research team earned the right to participate in Pwn2Own by reporting an unknown vulnerability in IVI (In-Vehicle Infotainment) to the organizers last year. IVI refers to the in-vehicle infotainment system that integrates functions such as navigation, vehicle status monitoring, and phone calls. Since IVI is constantly connected to multiple devices, it is considered a core and vulnerable element of automotive security.
Youngmin Cho, CEO of Zien, stated, "Participating in this Pwn2Own event has been a significant milestone in proving Zien's potential and technological capabilities," adding, "Based on this experience, we will strengthen our position as a technology-leading company in the global market."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
