26–27 September 2017

Tokyo, Japan


Cyber security and resilience of smart cars – threat and risk analysis

Frédéric de Portzamparc, Security Consultant, Trusted Labs (France)

Telematics, connected infotainment or intra-vehicular communication, and tomorrow’s self-driving cars are re-shaping automotive information systems into a complex set of electronic components spread over various networks and subnetworks. This growth in connectivity increases risks with regards to passengers’ safety and privacy. Several broadly publicized examples have illustrated this over the past few years, resulting in millions of vehicle recalls.

The purpose of this talk is to provide a landscape of the risks against a typical connected car architecture and give directions for involved actors to mitigate those risks. We will demonstrate those risks in two different aspects of connected cars: system architecture and physical devices security.

We will provide examples from several use-cases: credential management applications implying cloud services, communication protocols, telematics components. We will detail some attack scenarios against those and show the variety of exploited vulnerabilities. To mitigate their impact, we propose organizational and technical good practices to increase smart cars’ resilience, and present recommendations for various kinds of actors: car manufacturers, suppliers and aftermarket vendors.