Automotive Security
Myths & Realities
Heather Axworthy, CISSP, GMOB hla@haxworthy.com
January 2017
Agenda
• Connected Vehicle Attack Surface
• BUS Protocols
– OBD-II
– CAN (Controller Area Network)
• Vehicle Network
• Vehicle Spy
• The Jeep Hack – Myth vs. Reality
• More Tools
• Best Practices
• Where To Go Next
© 2017 Heather L. Axworthy 2
Connected Vehicle Attack Surface
• The connected vehicle aka “cars with Internet enabled components”
• Cars are really endpoints (258 million in USA)
• Several ways to exploit a vehicle
– Keypad access
– Sensors
– Charging outlet (if electric car)
– Audio inputs (Bluetooth, USB, CD/DVD)
– Diagnostic Ports (OBD-II)
– Mobile App
BUS Protocols
• Vehicles contain different BUSes and protocols
• ECUs (Electronic Control Units) connect to each embedded system (Climate, Steering, etc.) and communicate via the BUS
• Connected Vehicles need faster protocols for communication
• CAN (Controller Area Network)
– Most common, standard on US vehicles since 2008, also on Formula1
– Process multiple signals faster than other BUS types
– Dual-wire channel has high and low speed lines
The Vehicle Network
[Figure: vehicle network diagram; labels: Least Trusted, Most Trusted]
Source: Smith, Craig. (2016) The Car Hacker’s Handbook, A Guide for the Penetration Tester. San Francisco, CA: No Starch Press
OBD-II (On Board Diagnostic)
• Communicates to vehicle internal network using CAN protocol
• Diagnostic messages
• Usually located under the steering wheel panel
• CAN wires are always in dual-wire pairs, if the connector is not visible immediately
• Technician plugs in to run diagnostics, and you can too
• See diagnostic data and everything else
CAN Packets
• CAN packets are broadcast, all controllers see the same packets
• Non-diagnostic packets are the ones you want to see
• Use the arbitration field, also referred to as the “CAN ID”, to filter
• Every auto manufacturer has different IDs for their service packets
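
The filtering step on this slide, as an added example that is not part of the original deck: it parses a capture in the `candump -l` log format from can-utils, separates OBD-II diagnostic frames from the rest by arbitration ID, and lists non-diagnostic IDs missing from a known-good baseline. The sample capture, its IDs and the baseline set are constructed for illustration and are not any manufacturer's values.

```python
import re
from collections import Counter

# candump -l log format from can-utils: "(timestamp) interface ID#DATA".
# A 3-hex-digit ID is a standard 11-bit frame; 8 hex digits is an extended 29-bit frame.
FRAME_RE = re.compile(
    r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#((?:[0-9A-Fa-f]{2}){0,8})$")

def parse_line(line):
    """Return (timestamp, interface, can_id, extended, data), or None if not a classic data frame."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None  # comments, RTR ("ID#R") and CAN FD ("ID##...") lines land here
    ts, iface, id_hex, data_hex = m.groups()
    return float(ts), iface, int(id_hex, 16), len(id_hex) == 8, bytes.fromhex(data_hex)

def is_diagnostic(can_id, extended):
    # OBD-II on 11-bit CAN (ISO 15765-4): 0x7DF is the functional request,
    # 0x7E0-0x7EF are per-ECU requests and responses. 29-bit OBD IDs are not handled here.
    return not extended and (can_id == 0x7DF or 0x7E0 <= can_id <= 0x7EF)

def summarize(lines, baseline_ids):
    """Count frames per arbitration ID, split diagnostic from non-diagnostic traffic,
    and list non-diagnostic IDs that are absent from a known-good baseline."""
    diag, normal, skipped = Counter(), Counter(), 0
    for line in lines:
        frame = parse_line(line)
        if frame is None:
            skipped += 1
            continue
        _, _, can_id, extended, _ = frame
        (diag if is_diagnostic(can_id, extended) else normal)[can_id] += 1
    return {"diagnostic": dict(diag), "non_diagnostic": dict(normal),
            "not_in_baseline": sorted(i for i in normal if i not in baseline_ids),
            "skipped": skipped}

# Constructed sample capture (assumption): IDs other than the OBD-II range are made up.
SAMPLE_LOG = """\
(1483228800.000100) can0 0C9#8021C0071B101000
(1483228800.010200) can0 1A4#0000000800
(1483228800.020300) can0 7DF#02010C0000000000
(1483228800.021900) can0 7E8#04410C1AF8000000
(1483228800.030400) can0 0C9#8021C0071B101000
(1483228800.040500) can0 3F1#DEADBEEF
this line is not a frame
"""
BASELINE_IDS = {0x0C9, 0x1A4}  # constructed: IDs seen in a known-good capture

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines(), BASELINE_IDS).items():
        print(key, value)
```

Because the non-diagnostic IDs differ by manufacturer, the baseline has to be built per vehicle from a capture taken in a known-good state.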
Vehicle-Spy
• Windows tool for analyzing CAN messages
• Not free, commercial software $395 – kit, includes the CAN3
network interface cable
The Jeep Hack - Myth vs. Reality
• Myth: Really easy, anyone can get into a car from anywhere…
• Reality: Challenging
– Target 2014 Jeep Cherokee, vulnerability in the Uconnect service
– Paid to perform the research by Wired magazine
– 1-year to fully exploit
– Able to gain access to car via cellular network “Sprint”
– IRC port 6667 was open
– Reverse Engineer the firmware to accept their CAN packets
More Tools
OpenGarages on Google Group
https://groups.google.com/forum/?fromgroups#!forum/open-garages
Vehicle Spy, commercial tool
http://www.intrepidcs.com/support/video_vspy3_videos.htm
The Car Hacker’s Handbook, March 2016 by Craig Smith
https://www.nostarch.com/carhacking
Can-UTILS – free, open source
https://github.com/linux-can/can-utils
Kayak – free, open source
http://kayak.2codeornot2code.org/
Best Practices
• Developed by the Automotive Information Sharing and Analysis
Center (Auto-ISAC) in July 2016
• Cover the organizational and technical aspects of vehicle cyber
security
• Controls for the automobile are identical to security controls for
other internet-enabled systems
1. Governance
2. Risk Management
3. Security by Design
4. Threat Detection & Response
5. Incident Response & Recovery
6. Training & Awareness
Where To Go Next…
• If regulating bodies are treating the automobile like every other Internet-enabled system….
• Security vendors need to do the same
• Market Opportunity: A light-weight end-point solution for the
automobile (and other consumer-facing devices) (T)
– Identify & protect trust boundaries with security and/or behavioral controls
– Emphasize secure connections to, from, and within the vehicle
– Limit network interactions to ensure appropriate separation of environments
Questions
Heather Axworthy, CISSP, GMOB hla@haxworthy.com
January, 2017


Editor's notes

  1. Automobile systems. How they are connected. ECU. CAN-BUS. The Jeep Hack – myth vs. reality. Tools to try at home.
  2. What is the connected vehicle. Several ways today to examine a vehicle for potential exploitation. 41B Industrial Internet of Things (IIoT) forecasted by 2020.
  3. Cars today are “mini computers” that have several electrical components that need faster protocols for communication. Critical car communication like RPM and braking is on the high-speed line; things like door locks and climate control are on lower-speed lines.
  4. What is the connected vehicle. Several ways today to examine a vehicle for potential exploitation. The infotainment/nav console is a primary entry point for auto communications. Cellular and Wi-Fi components have a direct line into the vehicle.
  5. OBDII is mandated in the USA for vehicles 1996 and newer. OBDII is for emission-related diagnostics. EOBD is mandated on 2001 and newer (petrol) and 2004 and newer (diesel). OBDII connector. Example: over 25, up to 100 controllers. Main controller (MCU). Inputs (switch and analog). Outputs (motors and lights). Connected to share info. Contains memory: volatile, non-volatile. Power supply (12V -> 3.3V or 5V).
  6. CAN packets, this is the traffic that Arbitration ID identifies the device trying to communicate. Non-diag packets are the ones the car uses to perform functions. A lot of noise once connected; use arbitration IDs to filter them out. Differs by manufacturer.
  7. Originally began by infiltrating the vehicle using the built-in wireless connection. Playing around, they found a public IP on one of the interfaces. Every car that has Uconnect installed operates on the Sprint network for its communication. Each vehicle has an IP address on the Sprint network. From scanning the range, port 6667 was open. They were able to access the vehicle internally; in order to get to the BUS to read the CAN messages (from the wireless “untrust” direction), they had to get past the ECU, and were able to reverse engineer the firmware for it to accept their custom CAN messages.
  8. Governance: define executive oversight for product security; functionally align the organization to address vehicle cybersecurity, with defined roles and responsibilities across the organization. Risk Management: establish a risk-management process and ensure it is adhered to at every stage of the vehicle life-cycle. Security by Design: establish safe coding guidelines and ensure they are adhered to at every stage; identify trust boundaries; protect at every level. Threat Detection and Response: test, test, test; respond to results. Incident Response: respond and fix. Training and Awareness:
  9. If the ISACs are treating the automobile like a connected system, security vendors need to figure out how to protect it, now that we know automobiles are vulnerable and are becoming more connected, not just to the consumer but to each other. In the endpoint space, there is a need for a lightweight end-point solution that is capable of running on the automobile: something that would only allow trusted access via the OBD and/or the cellular/Wi-Fi interface, and also monitor firmware uploads and re-writes from trusted sources. Only allow it from the manufacturer; must be tethered to the service unit.