Workshop

Seasides 2025 Edition

How to "Automotive Security"?

Nowadays, automotive security is more than just physically hacking a vehicle. While CAN attacks are significant, they represent only one aspect of automotive security.

Automotive security involves assessing the entire ecosystem of the connected vehicle, including the in-vehicle network (IVN) and vehicle-to-everything (V2X) communications. These interconnected systems create a complex attack surface where vulnerabilities can be chained together to compromise various functionalities of the ecosystem.

In this workshop, we will focus on understanding the ecosystem and helping attendees develop a mindset geared towards identifying threats and vulnerabilities, with guided hands-on exercises and vulnerable ECUs to pentest in-vehicle communications in the context of automotive security.

 

1. Introduction to Automotive Security

  • Modern Vehicle Functions and Architecture
  • Trends in Vehicle Penetration Testing
  • Defining the Automotive Attack Surface
  • Overview of TARA Process (Threat Analysis and Risk Assessment) Based on ISO 21434 Standard

 

2. TARA Process According to ISO 21434 Standard

  • Item & Asset Definition
  • Damage & Threat Scenarios
  • Attack Paths
  • Feasibility & Risk Rating
  • Technical and Business Risk Quantification

 

3. Introduction to CAN (Controller Area Network)

  • Packet Structure
  • Communication and Protocol Rules

 

4. Hands-on CAN Bus Labs Using Open-Source Tools

  • Sniffing
  • Packet Injection
  • Protocol-Based Attacks

 

5. Hands-on TARA on CAN Bus Attacks with Vulnerable ECUs

Applying the TARA process to analyze and mitigate CAN Bus attacks.

 

6. Introduction to Unified Diagnostic Services (UDS / ISO 14229-1)

(If Time Permits)

  • Overview of UDS Protocol for diagnostics and control
  • Hands-on Labs – Practical exercises involving UDS-based attacks and defenses

 

Basic knowledge of Linux commands

 

Basic knowledge of TARA

 

Strong desire to learn and a willingness to approach problems from a high-level perspective.

A Linux-based host laptop is preferred; Windows works too

 

Latest versions of Rshell or Thonny, PuTTY preinstalled on the host machine

 

Administrative privileges on the system

ECU / Vehicle Cybersecurity Architects / Teams from OEMs & ECU Suppliers

 

Anyone who is interested in IVN / Vehicle Pentest

Fused approach of TARA and Pentesting

 

Evaluation of Automotive Ecosystem Security

Gaining expertise in automotive security in a single session