WTF is in my car (analysis of technologies) – DEFCON 21

“WTF is in my car” was a presentation given at the Defcon 21 conference in 2013, this time by security researchers Jesse Michael and Corey Thuen. In their presentation, Michael and Thuen discussed their analysis of the various technologies and electronic systems present in modern vehicles and the potential security implications associated with them.

The researchers aimed to raise awareness about the increasing complexity of automotive systems and the potential security vulnerabilities that may arise as a result. They conducted a detailed analysis of the onboard technologies found in a variety of vehicle models, including infotainment systems, telematics units, Bluetooth connectivity, and other electronic control units (ECUs) responsible for critical vehicle functions.

Some key points covered in their presentation included:

1. **Overview of Automotive Technologies**: Michael and Thuen provided an overview of the various technologies present in modern vehicles, including onboard computers, sensors, actuators, and communication networks. They discussed how these technologies are interconnected and interact to enable various vehicle functions, from entertainment and navigation to safety and performance.

2. **Security Vulnerabilities**: The researchers identified security vulnerabilities in the software and communication protocols used in automotive systems, including weaknesses in authentication mechanisms, lack of encryption, and insufficient safeguards against remote attacks. They demonstrated how these vulnerabilities could be exploited by malicious actors to gain unauthorized access to vehicle systems or manipulate their behavior.

3. **Attack Demonstrations**: Michael and Thuen conducted live demonstrations to showcase the potential for remote attacks on vehicle systems. They demonstrated how attackers could exploit vulnerabilities in infotainment systems, telematics units, and other onboard technologies to remotely control critical vehicle functions such as steering, braking, and acceleration.

4. **Implications for Safety and Privacy**: The researchers highlighted the safety and privacy implications of their findings, emphasizing the potential risks of remote attacks on vehicle systems and the need for improved security measures to protect against such threats. They also discussed the implications for privacy, as many onboard technologies collect and transmit sensitive data about vehicle operation and driver behavior.

5. **Recommendations for Mitigation**: Michael and Thuen concluded their presentation by offering recommendations for mitigating the security risks associated with automotive technologies. They called for improved security testing and vulnerability assessment practices, stronger encryption and authentication mechanisms, and greater collaboration between automakers, cybersecurity researchers, and regulatory agencies to address emerging threats in the automotive sector.

The “WTF is in my car” presentation generated significant attention within the cybersecurity and automotive communities, prompting discussions about the need for stronger security measures to protect against the growing threat of cyber attacks on modern vehicles.

Leave a Comment