Ken Munro will be presenting: Firmware fails in automotive security
Since our first published car hacking research we have been working closely with Manufacturers, Tier One suppliers, and OEMs to help improve automotive cyber security. One of the biggest issues is with firmware.
In this session we’ll discuss, explain, and demonstrate common firmware security fails:
*How signing and encryption prevents hackers from unpacking your firmware to reverse engineer it and spread malicious updates.
*What unused functionality can mean for vehicle security and driver safety. A serial port, JTAG, telnet, or hidden debug functionality *left behind in production devices can mean big trouble.
*Can devices be updated easily and cost-effectively as and when bugs and vulnerabilities are found?
*Are firmware update mechanisms fit for purpose, or could they themselves brick a vehicle in the process of trying to fix it?
*Is the firmware update mechanism itself secure, or can it be used as a means to attack the vehicle.