A cybersecurity summit known worldwide, with a history of 18 years, which brings together the official and alternative representatives of the information security profession. This time it is more special to us than ever, as one of the main topics is Automotive Cyber Security, which is one of our focuses as well. Discover our programs, learn more about our services and don’t forget to check our open roles!
6 October 14:45
Broad view to automotive security and penetration testing
Over the last few years, the media were full of various “car hacking” related news. Keyless entry systems can be bypassed, components can be rooted, firmware can be manipulated, hidden features can be activated, car functionalities can be triggered or manipulated remotely, owners can be tracked, just to name some trivial examples. While the public is paying increasing attention to automotive security, it has already been in the focus of key industry players for several years.
Nowadays, vehicles are very complex systems; moreover, they are part of an even more complex ecosystem. Therefore, answering questions like what car hacking really means, why it is important, how it is regulated, what the way of targeting a complete vehicle or an individual ECU (electronic control unit) is, what kind of technologies need to be addressed and what really should be tested in case of a car hacking project is not straightforward.
It is no longer a “capture and replay on CAN bus” or “control the vehicle through OBD-II port” game.
This presentation will provide you answers to the questions above and will also provide you insights into the typical automotive security testing project.
András Kabai
Director
Deloitte Hungary Cyber Risk Services
László Tóth
Partner
Deloitte Hungary Cyber Risk Services
7 October 14:45
Fault injection (FI) attack against embedded systems
Product security relies on several factors including firmware and hardware security, hence there are many ways to improve the overall security level, such as secure coding, hardware config hardening or security testing over the exposed communication interfaces. These steps can help identify and eliminate issues that are likely to be targeted by attackers.
But what if the underlying hardware is prone to fault injection attacks? Will the hardened hardware configuration and the secure firmware provide enough protection against a malicious attacker?
This presentation will provide insight into fault injection attacks, tools and techniques, with a practical demonstration of how FI attacks can be used against real targets, like Trezor hardware wallets to extract sensitive data, or a CAN-bus connected embedded system to bypass a security feature implemented on the CAN interface.
András Kabai
Director
Deloitte Hungary Cyber Risk Services
7 October 12:10 - 14:10
Introduction to the CAN-bus and car hacking - workshop
Understanding CAN bus communication and protocols is essential to make the first step towards car hacking.
Join our workshop at Hacktivity and develop skills to capture and analyze CAN frames, and gain practical knowledge on real targets! Additionally, you can use these freshly acquired skills at our car hacking challenge prepared for the event.
6-7 October
Show us your skills! - Car hacking challenge at Deloitte Booth
Don't forget to visit us at Hacktivity, especially if you are up for a car hacking challenge! Show us your skills because we reward the best and the most inventive solutions! Boost your chances by acquiring new skills at Deloitte’s “Introduction to Automotive CAN bus hacking” workshop!
About us
As one of the market leaders in cyber, we are here to help you by combining the strengths of a diverse team to offer our clients integral cyber services, from consulting to implementation and operations.
In doing so, we adapt our solutions to the actual business risks and the rapidly evolving threat landscape to accelerate growth and navigate into a cyber-empowered future, by managing threat and steering through challenges responsibly. Resilience is the most important asset for an organization in today’s increasingly complex world.
AUTOMOTIVE
Specialized services focusing on automotive security. The scope includes complete cars as well as individual ECUs. Testing activities address investigation on electronics and firmware level, in-vehicle automotive buses like CAN, Automotive Ethernet or FlexRay and the connected vehicle ecosystem.
HARDWARE/IOT
Testing and evaluation of off-the-shelf electronics products, IoT, automotive or healthcare devices and electronics. Typical projects include:
• Circuit level testing a.k.a. hardware hacking
• Firmware level assessment
• Bus and interface testing, including internal and external communication channels
• Application and backend testing
INDUSTRIAL CONTROL SYSTEMS
We cover the security needs of complex industrial environments, from the shop floor to the product and its backend environment too. The range of tests includes, but is not limited to:
• Penetration testing on application and network-level
• Shop floor infrastructure security assessment
• Network segmentation and configuration review
• Hardware-level security testing of Industrial IoT (IIoT) devices
• Simulation of ransomware and APT attacks
RED TEAMING
Simulate complex, real-world-like cyber-attacks including social engineering (e.g. spear phishing or physical intrusion), assumed breach scenarios, external or internal attacker simulations or focused scenarios for high risk applications and systems.
APPLICATION TESTING SERVICES
Focuses on web, API, mobile and binary applications penetration testing. Besides discovering typical vulnerabilities, we also test application logic flows and apply advanced techniques (e.g., reverse engineering).
INFRASTRUCTURE TESTING
Infrastructure level testing of external perimeters or entire internal networks (e.g. office or production zone), including wireless systems, desktop security review for standard office laptops/workstations or remote access solutions, such as Citrix/VDI desktop or breakout tests for application virtualization or breakout tests for specialized kiosk solutions, such as ATMs, or HMI devices in medical or industrial facilities.
FORENSICS
We provide expertise and highly specialized resources to support clients in all aspects of forensic scenarios, including prevention, detection and investigation in the following areas:
• Digital evidence acquisition
• Digital evidence analysis
• Forensic archiving
• E-Discovery
• Complete forensic investigation
• Non-technical investigation services
• Fraudulent-case consultancy services
• Interview training
• Deloitte Halo whistleblowing solution
INCIDENT RESPONSE
When in need, we offer our quick response team for security incidents and breaches, including:
• On-site security support
• Forensic investigation and malware analysis
• System hardening
• Recovery / Data recovery / Service recovery
Take a look behind the scenes and check our CyberLab, where we literally hack cars, automotive components and even the whole connected vehicle ecosystems.
Careers at Deloitte Cyber Risk
Join an excellent, highly skilled team!
Deloitte Cyber Risk Services team has 50+ professionals working on application penetration testing, automotive security, hardware hacking and Red Teaming projects for global brands all around the world. Spend your weekdays in a highly secured hardware hacking lab, where it's no surprise if a car enters for security testing. If your happy place contains a 3D printer, an electron microscope and a PLC wall, our open roles might fit you just perfectly.
Automotive Cybersecurity Compliance Expert
Multiple years’ experience with cyber-physical systems
Junior Automotive Cybersecurity Consultant
Hands-on experience of audit processes
Automotive / IoT Cybersecurity Expert
Multiple years of experience in automotive technologies
Hardware / IoT Security Expert
Advanced knowledge of network protocols
Junior Hardware / IoT / Automotive Security Consultant
Understanding of basics of hardware level communication interfaces