There's A Secure App for That: How to Mitigate Attacks Targeting Automotive Mobile Application's Communications

  • Tuesday, 17 Oct 2017 11:00AM EDT (17 Oct 2017 15:00 UTC)
  • Speakers: Ben Gardiner, Colin DeWinter

Once a differentiator in the automotive space, mobile applications are now seen as a necessary requirement as more and more consumers expect this type of functionality as part of their car-owning experience. However, mobile applications introduce security vulnerabilities that are often a weak entry point that hackers can exploit. With features like remote HVAC control, unlock and user tracking, these applications also contain the keys to access critical resources and private information.

Unfortunately, there are varying levels of robustness when it comes to mitigating threats targeting mobile applications. Hackers commonly execute man-in-the-middle (MitM) attacks to exploit these vulnerabilities in order to gain access to vehicle functionality and/or private information.

In this webinar, Ben Gardiner, Principal Security Engineer at Irdeto, will highlight various ways hackers attack mobile applications to execute MitM attacks, including packet captures of clear HTTP, compromised CAs in SSL, Man-in-the-Browser, etc. Ben will also share some recommended MitM mitigations relevant to what was uncovered by the Irdeto team in the surveyed apps.

Attendees will finish the webinar with answers to some key questions to help them mitigate MitM attacks targeting mobile applications, including:

  • What are the many ways an attacker can MitM communications from a mobile app?
  • What implementation strategies can make or break certificate-pinning?
  • What attacks are still possible with properly implemented certificate pinning?
  • What typical tools can be used to test certificate pinning?
  • What are some mitigations against the other MitM attacks?