Symposium sur la sécurité des technologies de l'information et des communications

French-language conference on information security.
It took place in Rennes from 7 to 9 June 2023.

Sécurité des voitures connectées : Tesla ou t’es pas là ?
David Berard, Vincent Dehors

Date: 09 June 2023 at 14:30 — 30 min.

In the context of the Pwn2Own Vancouver 2022 and 2023 contests, the Synacktiv team looked into several embedded systems of Tesla vehicles. The goal of this event is to find and report impactful vulnerabilities and demonstrate realistic attack scenarios.

Modern cars have more and more features and connectivity. The attack surface is increasing, and cars are now fully reliant on electronic technology as well. Therefore, the security of the car computers (ECUs) is taken seriously by car manufacturers.

Although we were able to demonstrate successful remote exploitation of Tesla cars in 2022 and 2023, this presentation shows how the modern architecture makes these attacks complex and less impactful. The hardware and software architecture of Tesla vehicles will be described with a focus on the security implications of the design choices made by the manufacturer. This article is blue team oriented and will present generic security principles and state-of-the-art hardening applied to embedded systems.

This presentation additionally provides insights into how security researchers can obtain the firmware and gain testing capabilities for some critical components.