In this presentation we will address the topic of security in automotive embedded systems, and typical pitfalls & risky assumptions that happen when designing, implementing and testing new components. In particular, we will highlight some aspects that can go wrong in the auto industry about threat modelling, as well as the required perspective shift from safety to cybersecurity that is currently ongoing due to recently approved regulations. Finally, we will also give some pointers about what kind of attacks will be next (after the classical attacks get structurally addressed) as well as some pointers about what can be done to enable a strong security foundation in automotive products.
Rafael Boix Carpi (Rafa) is a Principal Trainer and Security Specialist at Riscure. His fields of expertise include side channel analysis and fault injection in embedded devices. Rafa has presented talks and workshops/training courses at several conferences worldwide (ASRG 2020, NULLCON 2019, RSA Conference 2018, CCC camp 2015, Crypto Summerschool 2017, 2015 and 2014, etc.), as well as authored and collaborated on several research papers. Rafa enjoys working with customers to come up with an effective strategy to enhance the security of their products. He is interested in information security, software development, hardware hacking and embedded devices, especially in the automotive domain; basically tearing apart any device with chips on it until its secrets are revealed and sharing how to do it for learning how to make things more secure.