Friday 5 October 14:00 - 14:30, Red room
Inbar Raz (Argus Cyber Security)
In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That's a network the size of what a SMB would have, only there's no CIO/CISO, and not even a part-time IT guy. We have no idea what's going on under the hood. To add to the complexity, there are between two and five different bus types in an average modern car. With different protocols and even different wiring, a modern car's network diagram is a CISO's nightmare.
There are many challenges in the automotive domain. From strict development regulations, through very long development cycles, to very little security by design in vehicles currently on the road - working in this domain is challenging, to say the least. But unlike almost anywhere else, this time the defence might actually have a fighting chance.
In this talk, we will share our experience in the automotive domain. We will explain the complexity of the playing field, share examples of the problems we've encountered, and talk about the challenges involved.
Inbar has been teaching and lecturing about Internet security and reverse engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 on his Dragon 64. At 13 he got a PC, and promptly started reverse engineering at the age of 14. Through high school he was a key figure in the Israeli BBS scene. He spent most of his career in the Internet and data security field, and the only reason he's not in jail right now is because he chose the right side of the law at an early age.
Inbar specializes in outside-the-box approaches to analysing security and finding vulnerabilities, using his extensive experience of over 25 years. He spent three years at Check Point, running the Malware and Security Research team, and two years at PerimeterX, performing fascinating research on bots and web automation attacks. Nowadays he is a security architect at Argus Cyber Security, protecting the automotive domain from hackers.
Andrew Brandt (Independent researcher)
Amit Serper (Cybereason)
Martijn Grooten (Virus Bulletin)