how tesla could bring about the downfall of civilization (api days paris 2016)
TRANSCRIPT
Copyright © 2012-2016 Built.io. All Rights Reserved.
@TIMESYNC FROM @BUILTIO
HOW TESLA COULD BRING ABOUT THE DOWNFALL OF CIVILIZATION
AND OTHER SECURITY DEBACLES
A TIMELINE OF INTRUSION
2003: “SOBIG” VIRUS KILLS TRAIN SIGNALING
2008: LODZ, POLAND TRAM HACKED
2010: DISGRUNTLED EMPLOYEE BRICKED 100 AUTOS
2011: UW & UCSD WIRELESSLY DISABLED LOCKS & BRAKES
2015: WIRED REPORTER’S JEEP CHEROKEE HACKED
2016: BOTNET COMPRISED OF 25K CLOSED-CIRCUIT TVS
2016: BOTNET COMPRISED OF 150K CCTVS DDOSED OVH
SOME NUMBERS
1,400,000
NUM OF VEHICLES RECALLED BY CHRYSLER
471,000
NUM OF VULNERABLE UCONNECTS ON SPRINT
1,236,304,000
TOTAL VEHICLES ON THE ROAD WORLDWIDE (2014)
IOT JIFFY-LUBE
GIVEN THAT MY CAR CAN HURT ME AND MY FAMILY, I WANT TO SEE ENLIGHTENMENT HAPPEN IN THREE TO FIVE YEARS, ESPECIALLY SINCE THE CONSEQUENCES FOR FAILURE ARE FLESH AND BLOOD.
Josh Corman, Co-Founder of I Am The Cavalry
INTELLIGENT DATABASE
HOW TO SECURE IOT DEVICES & CARS
WHAT DO WE DO?
1. Secure Boot Functionality – This is basic; we’ve been doing it in the PC world for years.
2. Secure Code Updates – Again: basic.
3. Data Security – Any data stored on device needs to be encrypted. All communication likewise needs to be encrypted.
4. Authentication – Strong auth is a requirement. Better yet, use a secure auth protocol like X.509 certificate-based authentication or Kerberos. Even better: multi-factor auth when required.
5. On Device Firewall Functionality – It needs to happen.
6. Intrusion Detection On Device – Existing IoT devices need to be able to log and notify upon failed login attempts.
7. Embedded Security Management – Capability to integrate and manage device security policies directly with enterprise security policies.
8. Anti-Tamper Capabilities – Cars & IoT devices need anti-tamper detection and additional capabilities.
9. API Security – In order to protect all potential attack vectors, we need to secure the APIs that power the instructions for all cars and logistic-driven services.
10. On Demand Threat Detection – Anti-virus and malicious threat detection happening either on device or on network.
SOME PEOPLE DON’T LIKE CHANGE, BUT YOU NEED TO EMBRACE CHANGE IF THE ALTERNATIVE IS DISASTER.
Elon Musk
DISASTER APPROACHES LIKE AN ONCOMING TRAIN