Advance your Career with Cyber Security Training at SANS Norfolk 2019. Save $350 thru 1/23.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

There's A Secure App for That: How to Mitigate Attacks Targeting Automotive Mobile Application's Communications

  • Tuesday, October 17th, 2017 at 11:00 AM EDT (15:00:00 UTC)
  • Ben Gardiner and Colin DeWinter
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Once a differentiator in the automotive space, mobile applications are now seen as a necessary requirement as more and more consumers expect this type of functionality as a part of their car owning experience. However, the introduction of mobile applications introduces security vulnerabilities that are often times a weak entry point that hackers can exploit. With features like remote HVAC control, unlock and user tracking, they also contain the keys to access critical resources and private information.

Unfortunately, there are varying levels of robustness when it comes to mitigating threats targeting mobile applications. Hackers commonly execute man-in-the-middle (MitM) attacks to exploit these vulnerabilities in order to gain access to vehicle functionality and/or private information.

In this webinar, Ben Gardiner, Principal Security Engineer at Irdeto, will highlight various ways hackers attack mobile applications to execute MitM attacks, including packet captures of clear HTTP, compromised CAs in SSL, Man-in-the-Browser, etc. Ben will also share some recommended MitM mitigations relevant to what was uncovered by the Irdeto team in the surveyed apps.

Attendees will finish the webinar with answers to some key questions to help them mitigate MitM attacks targeting mobile applications, including:

  • What are the many ways an attacker can MitM communications from a mobile app?
  • What implementation strategies can make or break certificate-pinning?
  • What attacks are still possible with properly implemented certificate pinning?
  • What typical tools can be used to test certificate pinning?
  • What are some mitigations against the other MitM attacks?

Speaker Bios

Ben Gardiner

Ben Gardiner is a Principal Security Engineer at Irdeto and a member of the ethical hacking team, specializing in hardware and low-level software security. With more than 10 years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. He brings this knowledge to Irdeto, a pioneer in digital platform and application security. With nearly 50 years of experience, Its software security technology and cyber services protects more than 5 billion devices and applications against cyberattacks for some of the world's best known brands.

Prior to joining Irdeto in 2013, Gardiner held embedded software and systems engineer roles at several organizations. Gardiner has a Masters of Engineering in Applied Math & Stats from Queen's University. He is also a member of and a contributor to SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2) and the GENIVI security subcommittee.


Colin DeWinter

Colin DeWinter is a Junior Security Engineer at Irdeto. Colin is passionate about automotive and connected transport cybersecurity. He specializes in Android and Windows Applications. Prior to joining Irdeto, Colin was a student at the University of Waterloo’s Electrical Engineering program. He is also a member of SAE TEVEES18.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.