A Brief History of Automotive Insecurities

Presented at May Contain Hackers (MCH2022), July 24, 2022, 1 p.m. (50 minutes)

Automotive hacking hasn't started with Miller/Valasek in 2015 - and it hasn't ended with it, either. This talk will give an overview of automotive insecurities of the past ~10 years, a brief history of some kind. I will also provide an outlook on what the future on four wheels might hold, security-wise. This talk will give an exhaustive overview of all the automotive hacks in the past 10 years, and analyze the technical issues and vulnerabilities that have been exploited. Ranging from the automotive hacking papers in the early 2010-ies by US researchers, towards the infamous Miller/Valasek presentations starting 2015, the magic work of KeenLabs and 360 Group, and covering comma.ai, the different Tesla hacks, entry system relay attacks and the recent ADAC study, towards AI-confusion attacks. I will try to analyze the underlying vulnerabilities, how they can be (respectively are already) prevented in modern vehicles, and what the future holds. I will also present the implications of the upcoming ISO 21434 & the impact it has on the automotive development lifecycle, as well as the upcoming CCC protocol for unlocking a car with your smartphone.

Presenters:

• Martin Schmiedecker   as Martin
  Automotive security by day, forensic investigator by night. Tor and applied privacy in between. Random babbling as @Fr333k. Not sure what else to write, the 250 character limit is tough. I hope my person is the least interesting thing about my participation/presentation :)

Links:

• https://program.mch2022.org/mch2021-2020/talk/TVYLPH/

Similar Presentations:

• Kawaiicon (2019) / Automotive Control Systems Security: Where and I going and why am I in this handbasket?
• Black Hat USA 2014 / A Survey of Remote Automotive Attack Surfaces
• BSidesLV 2015 / State of Automotive Cyber Safety