Securing the Connected Car
Using recent real-world examples, Drew Moseley, Technical Solutions Architect for the open source Mender.io project, will discuss the opportunity of connected cars and walk the audience through the following:
-
Key opportunities OEM’s have for connected vehicles, as demonstrated by Tesla’s ability to provide over-the-air (OTA) software updates
-
The anatomy of the Jeep Cherokee hack: the technical details of how the Jeep Cherokee was hacked and steps you can take to reduce your attack surface
-
Best practices on delivering over-the-air software updates with failover management.
We will cover specific benefits for OEM’s and their customers for connecting their vehicles. Many of the functions of Tesla’s Autopilot’s suite of autonomous driving functions were delivered over-the-air (OTA) as software. According to Elon Musk, these features have reduced the chances of having an accident by 50%. Tesla is also able to drive additional revenue streams from their software that can be delivered over-the-air.
We will then transition to the security risks associated with connected cars, detailing what Charlie Miller and Chris Valasek revealed in the Jeep Cherokee hack which gave them remote control of the car.. We will delve into the technical details of this attack and provide specific security strategies.
Finally, we will cover best practices for delivering over-the-air software updates. Broad software industry statistics show there are 1-25 bugs per 1000 lines of code which demonstrate the critical nature of this capability. We will cover common ways to package and deliver software updates to embedded devices in connected vehicles, as well as strategies for doing it securely and handling failed updates.