SECURITY researchers demonstrated the latest vehicle exploits at Pwn2Own Automotive World 2026 in Tokyo, where NFC allowed a researcher from the Synacktiv team to take over an Autel MaxiCharger AC Elite Home 40A by triggering a buffer overflow.
The event highlighted the continuing vulnerabilities of in-vehicle infotainment systems and EV charging hardware, with 66 unique zero-day vulnerabilities shown in the first two days and nearly a million dollars won in rewards; five in every six attempts succeeded, and about a third suffered collisions. In addition to NFC breaches, some teams compromised devices via Bluetooth or the charging gun itself, and one group managed to breach the Alpitronic HYC50 fast charger used in several countries.
Industry voices suggest IVIs remain a weaker link than mobile platforms, and researchers warn that a vehicle’s maintenance and servicing interfaces are often insufficiently secured, meaning attackers could abuse legitimate tools to gain a foothold. According to Trend AI's Zero Day Initiative, electrification is the clear industry path but the connected EV and charging infrastructure introduces elevated risk, a view echoed by NCC Group researchers. 23 January 2026.