OWASP Newcastle - May 2022 - Automotive Cyber Security

Pre-warming seats, remote keyless entry, heated steering wheels, refrigerated glove boxes... we've come a long way in the automotive industry to bring the best experience for road users however gimmicky they may seem. These features come at a price and we're not just talking about money. The cybersecurity demands are now increasing exponentially for the vehicle OEMS and their suppliers because of today's feature-rich vehicles. A typical new vehicle has on average 100 million lines of code and with it brings potential zero-day and accidental vulnerabilities. The cybersecurity challenge in the modern vehicle is proportional to the size of the codebase- cybersecurity management is a daunting task. Cybersecurity is a major topic for almost every digital domain and with this, we can look to our fellow cybersecurity practitioners for guidance and inspiration for our own challenges.
This presentation investigates the cross-over of web security lessons learnt and embedded security. What can we leverage? What should we ignore? OWASP Top 10 in an ECU? Well let's find out...