Security researchers have successfully hacked a Tesla infotainment system during this week’s Pwn2Own Automotive, earning a cash reward of $35,000.
The exploit was carried out by the Synacktiv team, which chained together multiple zero-day vulnerabilities. The researchers gained access to the Tesla system through a USB-based attack, according to conference organisers.
In a separate demonstration, the same team also compromised a Sony XAV-9500ES digital media receiver. That successful attack earned the group an additional $20,000 in prize money.
The results underline growing concerns about the security of modern vehicle infotainment systems. Despite advanced protections, researchers showed that these platforms remain vulnerable to sophisticated attacks.
‼️Tesla was hacked by researchers who chained two vulnerabilities resulting in total control of Tesla's infotainment system
Researchers earned a total of $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. pic.twitter.com/iUlEZGskaK
— International Cyber Digest (@IntCyberDigest) January 21, 2026The third annual Pwn2Own Automotive event, organised by the Zero Day Initiative, is currently underway in Tokyo. This year’s competition has drawn 73 security teams from around the world.
Within the first 24 hours alone, researchers earned more than $500,000 in prizes, according to reporting by PCMag citing BleepingComputer. Tesla vehicles remain a primary focus of the event due to their complex software ecosystems.
Several teams have demonstrated exploits that allowed unauthorised access to vehicle systems through infotainment platforms and charging hardware.
Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition.https://t.co/OF8IBNGW90
— BleepingComputer (@BleepinComputer) January 21, 2026In another notable case, the Fuzzware.io group successfully compromised the Autel MaxiCharger, earning a $50,000 reward. Other teams breached the Phoenix Contact charging connector and the Grizzl-E Smart charger.
Fuzzware emerged as the top-performing team on the first day, securing $118,000 in prize money.
Despite the strong start, it remains unclear whether total payouts in 2026 will match previous years. The 2024 event distributed more than $1.3 million in bounties, while the 2025 edition awarded $886,000.
So far, the 2026 competition has paid out $516,500 in prizes. Organisers say the findings will help automakers strengthen digital security and reduce real-world risks for connected vehicles.
