Reinhard Kugler (SBA Research)

Title:

You wouldn’t HACK a CAR? A Pentester’s approach to embedded security on
automotive ECUs.

Biography:

Reinhard’s expertise centers around security testing of IT, industrial, and cyber-physical systems. Drawing from his background in cyber defense, reverse engineering and penetration testing, he collaborates with companies to enhance their security capabilities, develop secure products, and contribute to research projects in applied security. Reinhard is also a seasoned instructor, developing customized security training programs. As a member of the MATRIS research group at SBA Research, he provides Applied Research Consulting services to both research partners and companies. He co-organizes meetups in the domains of automotive security, container security and eBPF.

Abstract:

Modern cars, tractors and other road vehicles are not just wheels and an engine anymore – they are a complex network of embedded systems, the electronic control units (ECUs). The software in ECUs operate all car functions and need to exchange information such as vehicle speed, errors and measurements via the CAN bus. This enables car manufacturers to create many features like cruise-control, self-parking or even autonomous driving.

Security became a big concern in the last decade. Since the embedded systems (ECUs) contain intellectual property and are safety-critical, the developers implemented security features – but are those measures state-of-the-art?

This talk gives an introduction on automotive security testing of electronic control units. It shows on real devices how a security tester approaches the analysis and how ECUs defend against attacks.