The Auto Industry's Achilles Heel: Cybersecurity

Thomas Sermpinis of Auxilium Pentest Labs on Challenges of Centralized Car Systems
Thomas Sermpinis, technical director, Auxilium Pentest Labs

Centralized architecture in the automotive industry reduces hardware components, simplifies vehicle management and enhances security by allowing updates to be applied across all electronic control units in a system. But the transition to a centralized architecture poses major cybersecurity challenges, according to Thomas Sermpinis, technical director at Auxilium Pentest Labs.

Manufacturers are required to redesign vehicles and develop new skill sets to manage these advanced systems. This process requires substantial investment, as automakers must rethink how vehicles interact and communicate with sensors, Sermpinis said. The fact that manufacturers have lagged behind other industries in prioritizing cybersecurity compounds the problem.

All major automotive companies started out with a focus on mechanical engineering and "didn't have the ability to catch up with all the progress we did in cybersecurity and all the other industries - be it infrastructure, web application and everything that comes with that," Sermpinis said. "They had to catch up in most of the IT side of the things. But it took them some time to catch up with cybersecurity."

In this video interview with Information Security Media Group at DEF CON 2024, Sermpinis also discussed:

  • How increasing connectivity in vehicles introduces new cybersecurity risks, especially in electric and hydrogen vehicles;
  • How high costs and complexity of testing in the automotive industry make it difficult to compare vulnerabilities;
  • The importance of financially incentivizing researchers for robust vulnerability disclosure.

Sermpinis has decades of experience in automotive security research and in various types of security testing in vehicles, embedded devices and low-level software. Prior to Auxilium Pentest Labs, he served as automotive penetration testing lead at Auxilium Cyber Security.


About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



