Research/Talks - Need For Speed: The Fight of Ownership
While the automotive industry starts to realize the mistakes of the past, penetration testers, researchers and automakers strive to create impenetrable vehicle components, with the ultimate purpose being safer streets inside and outside of our vehicles. However, as desirable as this can be, it had an impact in other aspects of the automotive landscape, notably in terms of privacy and ownership, out of many.
Tuners and car enthusiasts, while they might have no direct connection to cyber security, they have significantly contributed to vehicle vulnerabilities and exploitation over the years. Their pursuit of maximizing vehicle performance predates the existence of cybersecurity regulations within the industry, such as the recent R155. But now, we reach a point where connectivity is a necessity by regulators, manufacturers, and suppliers, mainly for software updates and maintenance, but also for monitoring and control over the fleet and its users.
In this talk, we will go through the fascinating and longstanding history of tuning from a cyber security perspective, analyze some real-life examples which will help us understand the similarities between tunning and automotive cyber security, and see what can be the future (if any) of tuning. We will continue with an overview of the current state of privacy in the automotive world, and we will conclude, with our perspective on the topic, result of more than 100 penetration tests in the automotive industry, and how we believe that tunning and robust security can co-exist, for a safer future with maintained privacy and ownership of our devices.
Presented in TyphoonCon 2024, on May 31st, 2024, in Seoul, South Korea.
Recordings of the talk will not be published, due to the legal restrictions.