Explore the critical aspects of securing connected vehicles in this informative conference talk by Eystein Stenberg, CTO at Mender.io. Delve into the opportunities presented by connected cars, exemplified by Tesla's over-the-air (OTA) software updates, and gain insights into the technical details of the Jeep Cherokee hack. Learn best practices for delivering secure OTA software updates with failover management, and understand the anatomy of cyber attacks on connected vehicles. Discover strategies to reduce attack surfaces, implement timely security patching, and navigate the complexities of updating connected devices. Gain valuable knowledge on preparing for the future of software-defined cars and effectively responding to potential security breaches in the automotive industry.
Securing the Connected Car - Opportunities and Security Risks
Overview
Syllabus
Intro
Session overview
Software defined car: New revenue streams
Cost savings by using open source platforms
The software defined car requires OTA updates
Jeep Cherokee hacked in July 2015
Jeep Cherokee Head Unit with Wifi
Wifi-based breach: Short-range
The Controller Area Network (CAN) bus
Putting it together
More complexity leads to larger attack surface
Security patching is done too late
Why security patching happens too late
Patching connected devices is harder
Generic embedded updater workflow
Choice of update type has tradeoffs
Strategies to reduce the risk of bricking
Prepare for securing the software defined car
The best way to respond to hacking?
Taught by
Linux Foundation
