Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent

Size: px
Start display at page:

Download "Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent"

Transcription

1 Offense & Defense in IoT World Samuel Lv Keen Security Lab, Tencent

2 Keen Security Lab of Tencent Wide coverage of software and hardware security research Mainstream PC & Mobile Operating Systems Mainstream PC & Mobile Internet Applications Cloud Computing & Virtualization Connected Vehicles & IoT Devices 3 Android 17 Pwn2Own winners Universal ROOT Research 3 Pwn2Own 4 ios 2Tesla Remote Hacking Research Master of Pwn Jailbreak Research 1 BMW 1 Champions 7 Blackhat Pwnie Award Nominations of Qiangwang Cup and Wangding Cup Remote Hacking Research

3 Cyber-Security, a Big Challenge to Connected Car OEMs FCA JEEP was hacked remotely by hackers. The hackers demonstrated unauthorized remote controls to JEEP. Security vulnerabilities of different modules, including TSP, Telecom Network, Head Unit etc. were reported to Chrysler. Impact: FCA recalled 1.4 million of JEEP sold in North America Hackers hijacked OnStar mobile APP and demonstrated unauthorized remote controls such as unlocking door, starting engine, tooting horn etc. The issue was related to the security vulnerability in OnStar mobile APP and TSP modules. Impact: OnStar released an urgent security fix Nissan LEAF EV car mobile APP was hijacked. The hacker realized unauthorized remote controls to switch on the air-condition, flash lights etc. Security vulnerabilities in LEAF mobile APP and TSP modules caused the issue. Impact: Nissan temporarily shut down the remote control services from TSP and Keen Lab first time worldwide built the full attack chain to prove that Tesla could be hacked remotely and realized unauthorized remote controls in both parking mode and driving mode. The full attack chain successfully exploited the security vulnerabilities in in-vehicle browser, head unit OS, CAN gateway, CAN protocols and critical ECU modules. Impact: After getting Keen Lab s detailed disclosure, Tesla issued a bunch of urgent patches within 10 days and pushed the patches to variant models of Tesla cars worldwide.

4 Easy to Attack, Hard to Hold! Connected Car Security Needs Holistic View! N Attack Surfaces rd party CP Services IV APPs 6 7 WiFi Hotspot BlueTooth USB OEM TSP OEM backend Services T-Box 1 3 Internet Services/Content 1 OBDII Infotainment OS 8 Gateway 1 4 Charging Station 1 2 BT Key V2X Mobile APP User Portal CAN BUS & ECUs ADAS 1 6

5 Keen Lab Offense Research

6 Technical Overview: Tesla Remote Hacking Research WebKit Browser Vehicle Control Cellular/WiFi Cellular: Phishing with malicious URLs WiFi: Malicious hotspot Browser auto connect behavior OTA Update Service (VPN) Radio Cellular Ubuntu ARMv7 CID Other Services Ethernet Bluetooth TCP/UDP IC (Ubuntu) Gateway (RTOS) WiFi (Linux) ABS PAM ESP... CH CAN Bus Body CAN Bus DDM PDM HVAC... In-Vehicle Network Browser Linux Kernel Gateway CAN Multiple vulnerabilities with exploits to get code execution ability Vulnerability with exploit to escalate system privilege and disable AppArmor to get Linux ROOT permission Bypass code integrity check and patch gateway firmware Send malicious CAN messages on arbitrary CAN channels

7 Tesla Recognitions to Keen Lab Research Highest reward to security researchers in Tesla history Tesla Remote Hacking 2016 Research Video Tesla Remote Hacking 2017 Research Video

8 Technical Overview: BMW Remote Hacking Research 1 2 Software Defined Radio Platform Simulated GSM Network 3 BMW Car 5 4 CAN Network Central Gateway T-Box

9 BMW Group Recognitions to Keen Lab Research 1 st BMW Group Digitalization and IT Research Award The BMW Group is convinced that the study presented constitutes by far the most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party. - BMW Group Press Release, May 22 nd 2018

10 Keen Lab Defense Work

11 Keen Lab IoT Security Solutions Detect, Mitigate, Prevent the REAL Attacks to IoT Mitigations Devices Sandboxing System Hardening SoC Detections APP IoT Firmware Preventions Security Analyzers

12 ECU Tbox IVI Ports ECU Passenger Gateway Kernel ECU

13 ECU Tbox IVI Ports Step 1: Luring into a malicious wifi ECU Passenger Gateway Kernel ECU

14 ECU Tbox IVI Step 2: Pwn an application Ports ECU Passenger Gateway Kernel ECU

15 ECU Tbox IVI Ports ECU Passenger Gateway Kernel Step 3: Pwn the kernel and get full control ECU

16 ECU Tbox IVI Ports ECU Step 4: Hack the gateway Gateway Passenger Kernel ECU

17 ECU Tbox Step 5: Send CAN packets and have fun! IVI Ports ECU Passenger Gateway Kernel ECU

18 Mitigation: Android/Linux System Hardening SoC Agent Benign App Malicious/ Compromised App User Filtering Kernel Module Policy Hotspot#1 Hotspot#2 Hotspot#3 Hotspot#4

19 Filter Mitigation: Sandboxing Application Isolated Process User Data Core Logic Host Proxy Web Engine App Sandbox GPU Proxy IO Proxy Life-cycle Proxy System Service Proxy

20 Detection: IoT/Vehicle SoC Kernel is important, but not the only one USB devices SMS, Wi-Fi, Bluetooth OTA packages Awareness is just as important as intervention A security operation center to Monitor Assess Defend Defeat sophisticated attacks Big data Cloud-side policies

21 Prevention: APP Security Analyzer

22 Prevention: IoT Firmware Security Analyzer Source (Opt) Firmware Unpacker App/System Config Source Analyzer Static Analyzers Dynamic Analyzers VM-based Fuzzer Bug Report Report

23 Cybersecurity Collaborations with Industries Joint-Research: Security for Future Autonomous Driving Intrusion Detection Backend AI/ML Analysis Engine Device Virtualization Expert Services: Battlefield Offense and Defense Practices In-Depth Security Trainings Security Advisory on Security Practices and Implementations Penetration Test (Devices, Backend, Mobile APP, accessories ) Technical Consulting on Security/Incident Response Defense Solutions: Mitigations, Detections & Preventions Android/Linux System Security Hardening Security Operations Center (Instruction Detection Service) Sandbox Mitigation Backend/Cloud Services Protections Security Testing Tools and Automations

24 THANKS!

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Agenda Nexus of Safety and Cybersecurity Separation and Connectivity Trends in Aerospace Cybersecurity Isn t Security

More information

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA The Remote Exploitation of Unaltered Passenger Vehicles Revisited 20 th October 2016 Mark Pitchford, Technical Manager, EMEA Today s hot topic A few years ago, Lynx presentations at events such as this

More information

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Automotive Anomaly Monitors and Threat Analysis in the Cloud Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications

More information

Turbocharging Connectivity Beyond Cellular

Turbocharging Connectivity Beyond Cellular Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Turbocharging Connectivity Beyond Cellular Scott Beutler, Head of Interior Division

More information

Experimental Security Assessment of BMW Cars: A Summary Report

Experimental Security Assessment of BMW Cars: A Summary Report Experimental Security Assessment of BMW Cars: A Summary Report 1. Introduction... 1 2. Research Description... 2 2.1 Infotainment System... 3 2.1.1 USB Interface... 5 2.1.2 E-NET over OBD-II... 6 2.1.3

More information

Presentation's title

Presentation's title 3 rd April 2017 B03 -In-vehicle technology enabler Presentation's title Dominique Bolignano CEO Prove & Run dominique.bolignano@provenrun.com Introducing myself and Prove & Run Dominique Bolignano, previously

More information

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT

More information

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled

More information

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Securing the Connected Car. Eystein Stenberg CTO Mender.io Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined

More information

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Cybersecurity is not one Entry Point Four Major Aspects of Cybersecurity How

More information

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC W I N D R I V E R H E L I X C H A S S I S SIMPLIFYING THE WIND RIVER HELIX CHASSIS Helix Chassis brings together software, technologies, tools, and services to help automotive manufacturers unify, simplify,

More information

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased

More information

Car hacks 2018 (BMW, Audi) for the "not so hands-on"

Car hacks 2018 (BMW, Audi) for the not so hands-on Car hacks 2018 (BMW, Audi) for the "not so hands-on" Computest (VW/Audi) published their research on the VW/Audi vulnerabilities and Keen Security Lab (BMW) published theirs on BMW. Even though the OEMs

More information

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

How Security Mechanisms Can Protect Cars Against Hackers. Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec.

How Security Mechanisms Can Protect Cars Against Hackers. Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec. How Security Mechanisms Can Protect Cars Against Hackers Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec. 3 rd 2015 Driver s Fears Are Being Fueled by Recent News ConnectedCars, new opportunies

More information

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection

More information

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security In less than a year, 100s of millions connected cars Aftermarket connectivity most prevalent

More information

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Steve Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage (UCSD) Karl Koscher,

More information

Open Source in Automotive Infotainment

Open Source in Automotive Infotainment Open Source in Automotive Infotainment Taeyong Kim (ty.kim@windriver.com) Services & Solutions Wind River Systems 2015 Wind River. All Rights Reserved. Why using Open Source in IoT? Internet of Things

More information

13W-AutoSPIN Automotive Cybersecurity

13W-AutoSPIN Automotive Cybersecurity 13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview

More information

Connected Cars as the next great consumer electronics device

Connected Cars as the next great consumer electronics device Connected Cars as the next great consumer electronics device Sanjay Khatri Head of Platform Product Marketing Cisco Jasper 1992 2016 Cisco Systems, Inc. All rights reserved. Connected Cars: The next great

More information

Securing the future of mobility

Securing the future of mobility Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need

More information

Automotive Cyber Security

Automotive Cyber Security Automotive Cyber Security Rajeev Shorey (Ph.D.) Principal Scientist TCS Innovation Labs Cincinnati, USA & Bangalore, India Copyright 2013 Tata Consultancy Services Limited Connected Vehicles Chennai, 18

More information

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM 1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components

More information

Heavy Vehicle Cyber Security Bulletin

Heavy Vehicle Cyber Security Bulletin Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Vehicle & Transportation Infrastructure Cyber Security Discussions. IQMRI

Vehicle & Transportation Infrastructure Cyber Security Discussions. IQMRI Vehicle & Transportation Infrastructure Cyber Security Discussions IQMRI Guy.Rini@iqmri.org Michael.Dudzik@iqmri.org IQM Research Institute IQMRI created in response to the structural changes in delivery

More information

IC32E - Pre-Instructional Survey

IC32E - Pre-Instructional Survey Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into

More information

Protect Your Organization from Cyber Attacks

Protect Your Organization from Cyber Attacks Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers

More information

EC-Council C EH. Certified Ethical Hacker. Program Brochure

EC-Council C EH. Certified Ethical Hacker. Program Brochure EC-Council TM C EH Program Brochure Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the

More information

Countermeasures against Cyber-attacks

Countermeasures against Cyber-attacks Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure

More information

Advanced Diploma on Information Security

Advanced Diploma on Information Security Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com

More information

Linux in the connected car platform

Linux in the connected car platform Linux in the connected car platform Background Long time desktop Linux user Designed several capes for the BeagleBone Black Currently an Embedded engineer for Dialexa What is a connected car anyway? A

More information

Car Hacking for Ethical Hackers

Car Hacking for Ethical Hackers Car Hacking for Ethical Hackers Dr. Bryson Payne, GPEN, CEH, CISSP UNG Center for Cyber Operations (CAE-CD) 2016-2021 Languages Leadership Cyber Why Car Hacking? Internet-connected and self-driving cars

More information

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia Kaspersky Cloud Security for Hybrid Cloud Diego Magni Presales Manager Kaspersky Lab Italia EXPERTISE 1/3 of our employees are R&D specialists 323,000 new malicious files are detected by Kaspersky Lab

More information

VEHICLE FORENSICS. Infotainment & Telematics Systems. Berla Corporation Copyright 2015 by Berla. All Rights Reserved.

VEHICLE FORENSICS. Infotainment & Telematics Systems. Berla Corporation Copyright 2015 by Berla. All Rights Reserved. VEHICLE FORENSICS Infotainment & Telematics Systems Berla Corporation 2015 WELCOME Company Overview Infotainment & Telematics Systems Overview of Potentially Acquirable Data ive Software/Hardware ABOUT

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016 Handling Top Security Threats for Connected Embedded Devices OpenIoT Summit, San Diego, 2016 Jeep Cherokee hacked in July 2015 Presented at Black Hat USA 2015 Charlie Miller Chris Valasek Remote exploit

More information

The Future of Mobility

The Future of Mobility The Future of Mobility Christoph Wagner The best way to predict the future is to design it. Buckminster Fuller The Future of Mobility Automated Connected Electrified Secured smooth traffic Early warning

More information

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING

More information

Securing the SMB Cloud Generation

Securing the SMB Cloud Generation Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging

More information

Automotive Gateway: A Key Component to Securing the Connected Car

Automotive Gateway: A Key Component to Securing the Connected Car Automotive : A Key Component to Securing the Connected Car Introduction Building vehicles with gateways electronic devices that enable secure and reliable communications among a vehicle s electronic systems

More information

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering

More information

Symantec Ransomware Protection

Symantec Ransomware Protection Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway

More information

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services.  #truecybersecurity Kaspersky Enterprise Cybersecurity Kaspersky Security Assessment Services www.kaspersky.com #truecybersecurity Security Assessment Services Security Assessment Services from Kaspersky Lab. the services

More information

Medical Device Safety in a Connected World

Medical Device Safety in a Connected World Mr. Clark Fortney Senior Software Engineer Medical Device Safety in a Connected World IoT Expo June 6-8 2017 1 Clark Fortney My Background 20 years designing systems & software for medical devices at Battelle.

More information

OTA-On-Demand (OOD) Services with AGL

OTA-On-Demand (OOD) Services with AGL Automotive Linux Summit 2018 June 20-22, 2018, Tokyo, Japan OTA-On-Demand (OOD) Services with AGL Stefan Aust Manager NEC Communication Systems, Ltd. 1 NEC Corporation 2018 Content 1. Self-introduction

More information

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017 Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution

More information

System-level threats: Dangerous assumptions in modern Product Security. Cristofaro

System-level threats: Dangerous assumptions in modern Product Security. Cristofaro System-level threats: Dangerous assumptions in modern Product Security Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid Me Cristofaro Mune (@pulsoid) - Product Security Consultant/Researcher - Keywords:

More information

Security Concerns in Automotive Systems. James Martin

Security Concerns in Automotive Systems. James Martin Security Concerns in Automotive Systems James Martin Main Questions 1. What sort of security vulnerabilities do modern cars face today? 2. To what extent are external attacks possible and practical? Background

More information

Automotive Linux Summit 2017 May 31-June 2, 2017, Tokyo, Japan Advances and challenges in remote configuration of connected cars

Automotive Linux Summit 2017 May 31-June 2, 2017, Tokyo, Japan Advances and challenges in remote configuration of connected cars Automotive Linux Summit 2017 May 31-June 2, 2017, Tokyo, Japan Advances and challenges in remote configuration of connected cars 2017/6/2 NEC Communication Systems, Ltd. New Technology Development Group

More information

IoT Security for Critical Information Infrastructures. Andrey Tikhonov

IoT Security for Critical Information Infrastructures. Andrey Tikhonov IoT Security for Critical Information Infrastructures Andrey Tikhonov Impact 2 THE SCALE OF EVENTS Weapons of Mass Destruction Extreme weather events Natural Disasters Cyber Attacks Climate Change Likelihood

More information

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017 Bernd Elend Principal Engineer March 8 th, 2017 Introduction: SECURITY REQUIRES A LAYERED APPROACH NXP s 4 + 1 Layer approach for vehicle cyber security: Multiple security techniques, at different levels

More information

The Value of Automated Penetration Testing White Paper

The Value of Automated Penetration Testing White Paper The Value of Automated Penetration Testing White Paper Overview As an information security expert and the security manager of the company, I am well aware of the difficulties of enterprises and organizations

More information

Risk-based design for automotive networks. Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum.

Risk-based design for automotive networks. Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum. Risk-based design for automotive networks Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum.io Who are we Eric Evenchick Stefano Zanero Linklayer Labs (Toronto,

More information

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Internet of Things is a game changer Organizations are benefiting from

More information

Deliver Strong Mobile App Security and the Ultimate User Experience

Deliver Strong Mobile App Security and the Ultimate User Experience Deliver Strong Mobile App Security and the Ultimate User Experience The Presenters Will LaSala, Director of Services @ VASCO Will has been with VASCO since 2001 and over the years has been involved in

More information

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017 Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software

More information

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2 Security Insert the Vulnerabilities title of your of the presentation Connected here Car Presented Presented by by Peter Name Vermaat Here Principal Job Title ITS - Date Consultant 24/06/2015 Agenda 1

More information

MOBILE SECURITY OVERVIEW. Tim LeMaster

MOBILE SECURITY OVERVIEW. Tim LeMaster MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com Your data center is in the cloud. Your users and customers have gone mobile. Starbucks is your fall-back Network. Your mobile device is a

More information

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 Christian Espinosa, Alpine Security www.alpinesecurity.com 1 Objectives Learn about penetration testing Learn what to consider when selecting

More information

Gladiator Incident Alert

Gladiator Incident Alert Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking

More information

ISDP 2018 Industry Skill Development Program In association with

ISDP 2018 Industry Skill Development Program In association with ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the

More information

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017 Automotive Security: Challenges, Standards and Solutions Alexander Much 12 October 2017 Driver s fears are being fueled by recent news Connected Cars, new opportunities for hackers Autonomous Driving Concepts

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

FIREWALL BEST PRACTICES TO BLOCK

FIREWALL BEST PRACTICES TO BLOCK Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting

More information

Erlang, Open Source and The Connected Car

Erlang, Open Source and The Connected Car Erlang, Open Source and The Connected Car 2016-03-11 Dashboard image reproduced with the permission of Visteon and 3M Corporation GENIVI GENIVI is a registered a trademark of the of the GENIVI GENIVI Alliance

More information

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION SESSION ID: SBX3-W1 IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION Jeffrey Quesnelle Director of Software Development Intrepid Control Systems @IntrepidControl Introduction Spent 15 years working

More information

SGS CYBER SECURITY GROWTH OPPORTUNITIES

SGS CYBER SECURITY GROWTH OPPORTUNITIES SGS CYBER SECURITY GROWTH OPPORTUNITIES Eric Krzyzosiak GENERAL MANAGER DIGITAL Jeffrey Mc Donald Executive Vice President CERTIFICATION & BUSINESS ENHANCEMENT Eric Lee WIRELESS & CONSUMER RETAIL CYBER

More information

Embedding Openness in the Connected Car

Embedding Openness in the Connected Car Embedding Openness in the Connected Car Matt Jones Jaguar Land Rover 25 March 2015 Customer Expectations Customer Expectations Multimodal HMI HD Displays Improved Voice Control Connected World Telematics

More information

AGL Reference Hardware Specification Document

AGL Reference Hardware Specification Document AGL Reference Hardware Specification Document 2017/10/18 Ver 0.1.0 1 Change History Version Date 0.1.0 2017/10/18 The first edition 2 Index 1. AGL Reference Hardware overview... 5 1.1. Goals of AGL Reference

More information

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY FACT: COMPUTERS AND SERVERS ARE STILL AT RISK CONVENTIONAL TOOLS NO LONGER MEASURE UP Despite pouring

More information

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved Product Overview Version 1.0 May 2018 Silent Circle The Problem Today s world is mobile. Employees use personal and company owned devices smartphones, laptops, tablets to access corporate data. Businesses

More information

Solving the AV Problem. Whitepaper

Solving the AV Problem. Whitepaper Whitepaper 2 Cloud Infrastructure is on the Rise, and Security is Lagging Behind The concept of antivirus, as it has been known since the first heuristic AV products were released in 1987, entered obsolescence

More information

AT&T Endpoint Security

AT&T Endpoint Security AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

Towards Effective Cybersecurity for Modular, Open Architecture Satellite Systems

Towards Effective Cybersecurity for Modular, Open Architecture Satellite Systems SSC16-IV-6 Towards Effective Cybersecurity for Modular, Open Architecture Satellite Systems Presented to: 30 th Annual AIAA/USU Conference on Small Satellites August 2016 Presented by: Geancarlo Palavicini

More information

Auto Embedded Software: Infotainment

Auto Embedded Software: Infotainment Auto Embedded Software: Infotainment Applied Market Intelligence Hardware: Infotainment system design is following PC model Software/OS: Standardized software/os s will dominate in the future Apps: Future

More information

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,

More information

Secure Product Design Lifecycle for Connected Vehicles

Secure Product Design Lifecycle for Connected Vehicles Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards

More information

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free The latest wireless security solutions Protect your wireless systems from crippling attacks using the detailed security information

More information

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)

More information

How to Introduce Virtualization in AGL? Objectives, Plans and Targets for AGL EG-VIRT

How to Introduce Virtualization in AGL? Objectives, Plans and Targets for AGL EG-VIRT How to Introduce Virtualization in AGL? Objectives, Plans and Targets for AGL EG-VIRT Michele Paolino m.paolino@virtualopensystems.com Automotive Grade Linux Summit 2017 2017-06-01, Tokyo, Japan http://www.tapps-project.eu/

More information

Building Trust in the Internet of Things

Building Trust in the Internet of Things AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches

More information

EC-Council C EH. Certified Ethical Hacker. Program Brochure

EC-Council C EH. Certified Ethical Hacker. Program Brochure EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Diagnostic Trends 2017 An Overview

Diagnostic Trends 2017 An Overview Diagnostic Trends 2017 An Overview Vector India Conference, 2017-07-18+19 V1.0 2017-07-14 Agenda 1. DoIP 2. Remote Diagnostics 3. Cyber Security 4. Summary 2/29 DoIP Why DoIP? Why another diagnostic network?

More information

Jim Gallagher Senior Technical Marketing Lead, MontaVista Software

Jim Gallagher Senior Technical Marketing Lead, MontaVista Software LinuxCon Tokyo, Japan 2016 Secure IoT Gateway Jim Gallagher Senior Technical Marketing Lead, MontaVista Software Setting the Stage This presentation will focus on developing Secure Gateways (Edge Computing

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

CANSPY A Platform for Auditing CAN Devices

CANSPY A Platform for Auditing CAN Devices This document and its content is the property of Airbus Defence and Space. It shall not be communicated to any third party without the owner s written consent [Airbus Defence and Space Company name]. All

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session

More information

Future Implications for the Vehicle When Considering the Internet of Things (IoT)

Future Implications for the Vehicle When Considering the Internet of Things (IoT) Future Implications for the Vehicle When Considering the Internet of Things (IoT) FTF-AUT-F0082 Richard Soja Automotive MCU Systems Engineer A P R. 2 0 1 4 TM External Use Agenda Overview of Existing Automotive

More information