OWASP Dallas November Meeting
November 14, 2017 @ 6:00 PM - 7:30 PM
Don’t Be a Dummy: A Crash Course in Automotive Security
Automobiles are becoming increasingly connected, exposing their on-board Electronic Control Units (ECUs) to remote attacks. The practicality of such attacks has been demonstrated recently, leading to significant remote control of a vehicle. In order to attack or defend modern automobiles, it is necessary to fully understand the attack surface they present, how different components are connected, and what influence is possible from different ingress points.
In this talk, we first introduce how the electronics and networks of modern vehicles are commonly laid out and connected. We then discuss in depth several different vehicle components, such as the In-Vehicle Infotainment (IVI) system, focusing on commonly used technologies, exposed attack surface, and common exploitation techniques. As part of this discussion, potential escalation paths from one system to another will be presented as well. For the different interfaces, open source tools that can be used to attack them will be presented. Highlights of our own recent research on widely distributed technologies will be covered. The talk concludes with a summary of the challenges faced by automotive manufacturers when addressing vehicle security and some evidence-based recommendations on how to mitigate risks at industry scale.
Daniel Mayer is a Regional Director with NCC Group heading the Chicago office. He has more than 15 years of technical experience, having been a Principal Consultant prior to his current role. Daniel’s expertise includes application and network penetration testing, automotive and mobile security, threat modeling and design reviews, as well as security research.
While working at NCC Group, Daniel became an expert on mobile / iOS application security and developed a tool called ‘idb’ for iOS application penetration testing. In the past years, Daniel leveraged his mobile and system security expertise and applied it to the field of automotive security. In this area, he has performed threat models as well as penetration tests / security assessments of head-units and other automotive components. In addition, Daniel has given technical automotive talks at Automotive SYS in Berlin, the Qualcomm Mobile Summit in San Diego, and Ekoparty in Buenos Aires. In addition to his current areas of focus, Daniel also has experience in the analysis and design of cryptographic protocols, assessment of two-factor authentication solutions, and the detection and evaluation of timing side-channels. Daniel has presented his research at numerous security conferences including Black Hat, ShmooCon, SOURCE Boston, Toorcon, Ekoparty, and THOTCON.
Prior to NCC Group and Matasano Security, Daniel was a researcher at the Stevens Institute of Technology where his dissertation was in the area of applied cryptography and privacy. During his time at Stevens, Daniel’s work was presented and published at several international security conferences. As a co-founder and CTO of a web hosting and web development company, he was responsible for designing and managing the technical infrastructure as well as developing web applications and new services.
Daniel holds a Ph.D. degree in Computer Science from the Stevens Institute of Technology and a Master’s degree in Physics from Rutgers University.
The meeting food & drinks will be sponsored by Akamai.
IMPORTANT Meeting Notes:
The Akamai office is a gun-free zone. Please do not attempt to bring any guns, holsters, ammo, etc. into their office space.