360° Introduction to Connected Car Security — by Li Jun

#IICSG2018 Conference Deep-Tech Track

Day 2 (25 May 2018)

11.30am—12.15pm

@ Stamford Ballroom (Olivia)

[#IICSG2018 Conference Full Schedule]

Abstract

It has been a few years passed since the first car hacking case was reported. Since then, there has been various car security-related research paper, presentations, books, etc. For example, we talked about PKE system relay attack in 2017 at HITB. We reported this issue to Telsa and GM, and Telsa did add certain features to disable PKE. We talked about the key fob rolling code encryption key initialization and management issues at DEFCON in 2016. We report this issue to GM and they are working on solving this issue. We talked about CAN Bus intrusion detection in 2016 at HITB.

In this talk, we are planning to do a summary and forecast of the vulnerabilities that hacker/security researchers used or will be using to attack cars. We will discuss the common mistakes car manufacturers made, for example, firmware signature, feature segregation, etc. We will also talk about potential attacks targeting the novel technologies, for example, the Advanced Driver Assistance Systems (ADAS), Computer Vision (CV) used by autonomous cars to detect lanes, and traffic signs recognition and objects detection that use deep learning.

About Li Jun

Li Jun is a senior security researcher at the UnicornTeam, Qihoo 360. He is the POC of DEFCON Group 010, and member of the DEFCON Group Global Advisory Board. He researches have been presented at conferences such as DEFCON, HITB, KCon, SyScan360, ISC, etc. His research interests include IoT security and connected car security. Li Jun, along with his colleagues, have previously found several automobile vulnerabilities in Tesla, GM cars, Volvo, BMW, Audi, Mercedes Benz and BYD. He is the author of <<智能汽车攻防大揭秘>> ("Connected Car Security Demystified"). He is also the co-author of "Inside Radio: An Attack & Defense Guide".