A Stepping Stone To Car Hacking

This talk discusses the less known side of automotive cyber security - the ecosystem that allows OEMs to interact, calibrate, collect usage data and keep updated the car’s Electronic Control Units (ECUs). We will explain the architecture of the ecosystem, analyze it’s potential flaws and their implications on currently deployed ecosystems.

In recent years the security community started paying great attention to the weird machines that take people from A to B. These behemoths are filled with “intelligent” digitized decision-making devices which are responsible for the car’s proper functionality and, consequently, our physical well being. While great deal of research was invested in the traditional attack vectors targeting these devices, the ecosystem managing and interacting with them was not thoroughly examined. It’s time to take a look at the big picture.

In this talk we explain the ecosystem in which automotive vendors interact with car ECUs. We will discuss the various attack vectors against each component in the ecosystem and the implication regarding the other components. We will also explore possible complications of this ecosystem’s vulnerabilities.

Finally, we will publish our research methods and some of our tools. We will also share some tips and insights from our on-going research.