Securing the Connected Car: Opportunities, Risks, and Best Practices

Explore the critical aspects of securing connected vehicles in this 43-minute conference talk by Eystein Stenberg, Product Manager at Mender.io. Delve into real-world examples of connected car opportunities, including Tesla's over-the-air updates and their impact on accident reduction. Examine the technical details of the Jeep Cherokee hack, learning how attackers gained remote control and what steps can be taken to mitigate such risks. Discover best practices for implementing secure over-the-air software updates with failover management. Gain insights from Stenberg's extensive experience in security and systems management, covering topics such as the anatomy of car hacks, the importance of timely security patching, and strategies to reduce attack surfaces in increasingly complex automotive systems.

Intro
About me
Session overview
Software defined car: New revenues
Cost savings by using open sour
The software defined car requires OTA updates
Jeep Cherokee hacked in July 2015
Jeep Cherokee Head Unit with Wifi
Wifi-based breach: Short-range
Cellular-based breach: Country-wide
CAN bus
Putting it together
The Controller Area Network (CAN) bus
More complexity leads to larger attack surface
Security patching is done too late
Why security patching happens too late
Patching connected devices is harder
Embedded client patching process Overview
Choice of update type has tradeoffs
Strategies to reduce the risk of bricking
Prepare for securing the software defined ca