A world-wide known cybersecurity summit with a history of 18 years, which brings together the official and alternative representatives of the information security profession. This time it is more special to us than ever, as one of the main topics is Automotive Cyber Security which is one of our focuses as well. Discover our programs, learn more about our services and don’t forget to check our open roles!
6 October 14:45
Broad view to automotive security and penetration
last few years, the media were full of various “car hacking” related news.
Keyless entry systems can be bypassed, components can be rooted, firmware can
be manipulated, hidden features can be activated, car functionalities can be
triggered or manipulated remotely, owners can be tracked, just to name some
trivial examples. While the public has increasing attention on automotive
security, this has been already in focus of key industry players for several
Nowadays, vehicles are very complex systems, moreover they are part of an even more complex ecosystem. Therefore, answering questions like what car hacking really means, why it is important, how it is regulated, what the way of targeting a complete vehicle or an individual ECU (electronic control unit) is, what kind of technologies need to be addressed and what really should be tested in case of a car hacking project is not straightforward.
It is no longer a “capture and replay on CAN bus” or “control the vehicle through OBD-II port” game.
This presentation will provide you answers to the questions above and will also provide you insights into the typical automotive security testing project.
Deloitte Hungary Cyber Risk Services
Deloitte Hungary Cyber Risk Services
7 October 14:45
Fault injection (FI) attack against embedded systems
security relies on several factors including firmware and hardware security,
hence there are many ways to improve the overall security level, such as secure
coding, hardware config hardening or security testing over the exposed
communication interfaces. These steps can help identifying and eliminating
issues that are likely to be targeted by the attackers.
But what if, the underlying hardware is prone to fault injection attacks? Will the hardened hardware configuration and the secure firmware provide enough protection against a malicious attacker?
This presentation will provide insight into the fault injection attacks, tools and techniques with practical demonstration on how FI attack can be used against real targets, like Trezor hardware wallets to extract sensitive data, or a CAN-bus connected embedded system to bypass a security feature implemented on the CAN interface.
Deloitte Hungary Cyber Risk Services
7 October 12:10 - 14:10
Introduction to the CAN-bus and car hacking - workshop
Understanding the CAN bus
communication and protocols are essential to make the first step towards car
Join our workshop at Hacktivity and develop skills to capture and analyze CAN frames, and gain practical knowledge on real targets! Additionally, you can use these freshly acquired skills at our car hacking challenge prepared for the event.
Show us your skills! - Car hacking challange at Deloitte Booth
Don't forget to visit us at Hacktivity, especially if you are up to some car hacking challenge! Show us your skills because we reward the best and the most inventive solutions! Boost your chances by acquiring new skills at Deloitte’s “Introduction to Automotive CAN bus hacking” workshop!
As one of the market leaders in cyber, we are here to
help you by combining the strengths of a diverse team to offer our clients
integral cyber services, from consulting to implementation and operations.
In doing so, we adapt our solutions to the actual business risks and the
rapidly evolving threat landscape to accelerate growth and navigate into a
cyber-empowered future, by managing threat and steering through challenges
responsibly. Resilience is the most important asset for an organization in
today’s increasingly complex world.
Specialized services focusing on automotive security. The scope includes complete cars as well as individual ECUs. Testing activities address investigation on electronics and firmware level, in-vehicle automotive buses like CAN, Automotive Ethernet or Flexray and the connected vehicle ecosystem.
Testing and evaluation of off-the-shelf electronics products, IoT, automotive or healthcare devices and electronics. Typical projects include:
• Circuit level testing a.k.a. hardware hacking
• Firmware level assessment
• Bus and interface testing, including internal and external communication channels
• Application and backend testing
INDUSTRIAL CONTROL SYSTEMS
We cover the security needs of complex industrial environments, from the shop floor to the product and its backend environment too. The range of tests include, but is not limited to:
• Penetration testing on application and network-level
• Shop floor infrastructure security assessment
• Network segmentation and configuration review
• Hardware-level security testing of Industrial IoT (IIoT) devices
• Simulation of ransomware and APT attacks
Simulate complex, real-world-like cyber-attacks including social engineering (e.g. spear phishing or physical intrusion), assumed breach scenarios, external or internal attacker simulations or focused scenarios for high risk applications and systems.
APLLICATION TESTING SERVICES
Focuses on web, API, mobile and binary applications penetration testing. Besides discovering typical vulnerabilities, we also tests application logic flows and apply advanced techniques (e.g., reverse engineering).
Infrastructure level testing of external perimeters or entire internal networks (e.g. office or production zone), including wireless systems, desktop security review for standard office laptops/workstations or remote access solutions, such as Citrix/VDI desktop or breakout tests for application virtualization or breakout tests for specialized kiosk solutions, such as ATMs, or HMI devices in medical or industrial facilities.
We provide expertise and highly specialized resources to support clients in all aspects of forensic scenarios, including prevention, detection and investigation in the following areas:
• Digital evidence acquisition
• Digital evidence analysis
• Forensic archiving
• Complete forensic investigation
• Non-technical investigation services
• Fraudulent-case consultancy services
• Interview training
• Deloitte Halo whistleblowing solution
When in need, we offer our quick response team for security incidents and breaches, including:
• On-site security support
• Forensic investigation and malware analysis
• System hardening
• Recovery / Data recovery / Service recovery
Take a look behind the scenes and check our CyberLab, where we literally hack cars, automotive components and even the whole connected vehicle ecosystems.
Careers at Deloitte Cyber Risk
Join an excellent, highly skilled team!
Deloitte Cyber Risk Services team has 50+ professionals working on application penetration testing, automotive security, hardware hacking and Red Teaming project for global brands all around the word. Spend your weekdays in a high secured hardware hacking lab, where it's no surprise if a car enters for security testing. If your happy place contains a 3D printer, an electron microscope and a PLC wall, our open roles might fit you just perfectly.
Automotive Cybersecurity Compliance Expert
Multiple years’ experience with cyber-physical systems
Junior Automotive Cybersecurity Consultant
Hands-on experience of audit processes
Automotive / IoT Cybersecurity
years of experience in automotive technologies
Hardware / IoT Secuirty
Advanced knowledge of network protocols
Junior Hardware / IoT / Automotive Security Consultant
Understanding of basics of hardware level communication interfaces