Research/Talks - Horror Stories from the Automotive Industry
In this talk, we will revisit some of the scariest stories we faced during more than 50 penetration testing and security research projects, with a twist. In the ever-emerging industry of automotive, with old and new OEMs trying to get a share of the pie, many things are at stake, with many things getting overlooked, forgotten, or even deliberately covered. We will go through a journey of critical findings in different targets and the constant battle between penetration testers, developers, and mid to upper management. This will help the audience get an understanding of how the industry behaves right now, what they (and what we) are doing wrong, and how the future of automotive security should be shaped, not only for the sake of security, but also for the sake of safety and reliability.
This talk will try to raise awareness on the current state of automotive security, how does the industry behave in the whole spectrum of it (100-year-old OEMs to 2-year-old OEMs and Tier 1 suppliers) and ultimately try to propose a way forward for both the automotive and security industries, with the goal being a safer and more reliable future for everyone, in and out of the streets.
-
Presented in TROOPERS23, on June 29th.
-
Presented in Chaos Communication Camp - CCC 2023, on August 12th to 19th.
-
Presented in DeepSec 2023, on November 16th to 17th.
-
Presented as an internal Security Seminar for Bosch, during October 2023.
-
Presented with similar content in the CACS - Conference on Applied CyberSecurity.
- Title: DZIURAWE KOŁA I INNE BARDZIEJ POWAŻNE ZAGROŻENIA DLA ŚWIATA W RUCHU
- Main researcher: Wiktor Sędkowski
- Organizer: Uniwersytet Opolski & Park Naukowo-Technologiczny w Opolu
- Date: 23-25 October 2023