Phoenix Contact was once again represented at the renowned Pwn2Own Automotive 2026 security competition in Tokyo this year. For the third time in a row, the AC charging controller CHARX control modular was nominated as an official target device – a clear sign of the technical significance and security quality that our products are accorded in the international research community.
2026 was also a special year: for the first time, Robin Pape, Product & Solution Security Expert (PSSE), accompanied the competition on site. He observed the attempts against our controller, analyzed attack chains, and ensured clean, responsible documentation throughout the coordinated disclosure process for the further development of our cybersecurity processes at Phoenix Contact E-Mobility.
Why Pwn2Own is different from traditional security tests
Pwn2Own differs significantly from traditional security tests.
In contrast to a regular penetration test, in which individual teams work with a clearly defined task, here several highly specialized security researcher teams compete against each other, each using completely different methods and approaches to compromise our charging controller.
In addition, the competition rules provide strong incentives to search as deeply as possible for unknown attack vectors: “The Pwn2Own rules, which award less prize money for vulnerabilities found multiple times , incentivize security researchers to explore different attack vectors and ‘dig deep’ in order to find vulnerabilities that may have been overlooked by other teams.”
This structure makes the Pwn2Own event one of the most valuable platforms worldwide for gaining new security-related insights for your own products.
High level of professionalism among security researchers
The live demonstrations in Tokyo impressively showed how precisely and carefully the research teams work. Many arrived with complete attack chains for several target devices. This shows that without intensive preparation, a spontaneous, targeted attack on the target devices in this year’s competition would not have been possible at all.
Robin sums up the professionalism of the event as follows: “I had the impression that the teams were all very well prepared. Most of them had exploits for multiple targets in their luggage. A lot of preparation time went into this. The findings were not random hits, but the result of highly professional work by talented and experienced security researchers.”
Lab mode instead of reality – and still extremely valuable
“The AC charging controller CHARX control modular was used in ‘lab mode’ at Pwn2Own. This means it was set up openly with direct access to all interfaces, which is very different from normal use in a charging station. The setup therefore does not correspond to the reality in the field. Certain features were deliberately activated in advance. These are disabled by default in normal operation and are actually only intended for configuration purposes.” – Robin Pape
This confirms that the requirements at Pwn2Own go beyond normal field conditions, but precisely for this reason provide extremely valuable insights for our Product & Solution Security Expert Robin Pape.
Positive feedback and new ideas from the community
The feedback on how vulnerabilities found in previous years were handled was particularly gratifying. Both the security researchers and Trend Micro praised Phoenix Contact’s professionalism, transparency, and responsiveness in this regard.
“We were able to take away many valuable suggestions that will be incorporated into the further improvement of the cybersecurity of our products – so that we are well equipped to deal with threats in the future.” – Robin Pape
Conclusion: A competition that makes us stronger
Participation in Pwn2Own Automotive 2026 once again confirms the value of collaboration with the global security community.
We gain early insight into potential vulnerabilities, continuously improve our security architecture, and strengthen the robustness of our products – long before threats become relevant in the field. The issues identified are incorporated into a structured analysis and solution process. In accordance with Phoenix Contact’s established cybersecurity processes, we will provide updates via the CERT@VDE platform.
We are grateful for the open exchange with the TrendAI Zero Day Initiative (ZDI) and the many strong market players who were also present. Special thanks go to the creativity and perseverance of security researchers from around the world. Together, we are able to stand up for safe mobility and continue to drive it forward.
One thing is also clear: our products are technically top-of-the-line. And we take every opportunity to improve them further.
FAQ
Frequently asked questions
What is the Pwn2Own Automotive competition?
Pwn2Own Automotive is an internationally recognized security competition in which security researchers attempt to attack connected vehicles, charging infrastructure, and automotive components in a targeted manner. The aim is to uncover previously unknown vulnerabilities in order to improve the cybersecurity of products at an early stage. The 2026 competition took place in Tokyo, Japan.
Why does Phoenix Contact participate in Pwn2Own Automotive?
Phoenix Contact uses Pwn2Own Automotive to have its charging solutions tested under extremely demanding conditions. Several independent, highly specialized teams attack our charging controller – much more intensively than in a classic penetration test. This gives us early indications of possible vulnerabilities and allows us to continuously improve the security of our products and processes.
Is the test setup at Pwn2Own realistic for use in the field?
The charging controller is tested in what is known as lab mode: openly structured, with direct access to all interfaces. In addition, some functions are activated that are deactivated in regular charging station operation or are only used for configuration. The setup is therefore deliberately more stringent than real field conditions – but that is precisely why it provides particularly in-depth security-related insights.
Discover suitable products now
Here you will find a selection of relevant products – based on the topics and recommendations from our blog post.
