Tesla’s Wall Connector electric vehicle (EV) charger was hacked twice on the second day of the Pwn2Own Automotive 2025 hacking contest in Tokyo.
The event, organized by Trend Micro’s Zero Day Initiative (ZDI), also saw 23 other zero-day vulnerabilities exploited in EV chargers and in-vehicle infotainment (IVI) systems.
The PHP Hooligans team hacked Tesla’s Wall Connector first, using a zero-day bug to crash it. Their exploit earned them the maximum reward of $50,000.
Shortly after, Synacktiv, a team known for targeting Tesla at these events, demonstrated a never-before-seen approach by hacking the charger through its charging connector which secured them $45,000.
Two other teams also compromised the charger, though their exploits involved known vulnerabilities.
PCAutomotive earned $22,500 while Sina Kheirkhah of the Summoning Team used a two-bug exploit chain to claim $12,500.
These “bug collisions” show that even patched vulnerabilities can remain a threat if not fully addressed.
Other Targets at Pwn2Own
It wasn’t just Tesla’s charger that got hacked. EV chargers from WOLFBOX, ChargePoint, Autel, Phoenix Contact, and EMPORIA were also compromised, along with IVI systems from Alpine, Kenwood, and Sony.
What This Means for Tesla and EV Security
While Tesla’s OTA updates allow quick fixes, the exploits at Pwn2Own show that cybersecurity threats are always evolving.
For EV owners, this is a reminder to keep software and firmware up to date.
Manufacturers like Tesla will need to stay ahead by working closely with cybersecurity researchers to patch vulnerabilities before they can be exploited in the real world.
Patching and Prevention
After the contest, vendors like Tesla have 90 days to release fixes before the vulnerabilities are made public. This gives them time to patch flaws before malicious actors can take advantage.
The company has previously patched vulnerabilities identified in similar contests and is expected to do the same with these latest discoveries.
The Bigger Picture
The Pwn2Own Automotive 2025 competition, held during the Automotive World conference in Tokyo, awarded a total of $335,500 on its second day for 23 zero-day exploits combined with the $382,750 awarded on the first day, the event has already distributed over $700,000 in prizes.
Last year’s contest saw researchers earn $1,323,750 for hacking Tesla twice and exploiting 49 zero-day bugs.
We’ve launched an official Tesla Owners Online Forum. Join early and claim your "Founding Fuel" badge.
