The Automotive Security Research Group (ASRG) is a non-profit initiative to promote the development of security solutions for automotive products. GOALS: - Research projects on publicly available vehicles, infrastructure and supporting backend systems. - Information concerning existing automotive security problems, solutions, products and technology. - Create a community of shared resources and networking.
Join us for our 28th ASRG-WORLD LiveStream, the global online (COVID19 Approved) version of ASRG. This time we have the pleasure of hosting Andrew Tierney (Hardware Team Lead at Pen Test Partners). They will present us what they found out during a Reverse Engineering of the Over-the-Air Update mechanism of Tesla Inc. and in particular give us hints about weaknesses they found out during these activities.
"Over-the-Air Updates - what could go wrong?"
Tesla Inc. was one of the first companies to perform routine, whole-vehicle firmware updates. We wanted to understand how the car worked and how the firmware updates were deployed, so we bought one, took it apart, and started investigating. We learnt a lot along the way; how the CAN buses are connected, how the hardware is constructed, how the software works, how the car connects back to the mothership, and how these over-the-air updates worked. During this talk, we'll look at some of the weaknesses we found and how they apply to the wider automotive industry.
ABOUT THE PRESENTER:
Andrew Tierney : Andrew leads the hardware team at Pen Test Partners. He covers all systems that aren't general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and finding vulnerabilities in these systems. He is an electronic engineer by training, and loves deep-dives into hardware and cryptography.