$60,000 for a 2-bug chain to exploit the Autel MaxiCharger: RCE via Bluetooth plus authentication bypass. ⛽🔵🦷💥🔫

A group of security researchers - Vincent Fargues, Aymeric Palhière, Thomas Imbert, and David Bérard - shared the details of their success in the 2024 Pwn2Own competition. The team demonstrated a chain of two vulnerabilities in the BLE (Bluetooth Low Energy) protocol that allowed unauthenticated remote code execution (RCE) on the charger.

A quite interesting approach to security research (hardware + Android app + software), with impressive results and a well-deserved prize — the paper is highly recommended for both hardware and Android security specialists.

Enjoy the read and please share!

More details:

Juicing Up the Autel EV Charger: Insights from Pwn2Own Automotive [PDF]: https://www.synacktiv.com/sites/default/files/2024-08/sthack_2024_pwn2own_automotive_autel.pdf