 capabilities in automotive systems. That's a broad range and there's plenty of stuff to talk about for hours and hours Brief introduction of myself. I work for Bosch Bosch engineering in particular Bosch is one of the largest cars supplier manufacturer, so If you take a random car chances are high that some component is manufactured by Bosch and Bosch engineering is specifically specialized in adapting those parts For small serious customers, which is very exciting because I have exciting customers and also all the Product range of Bosch is at our disposal more or less At night. I love online privacy. So we are hosting tour relays in Vienna. I didn't mention it We're based in Vienna, Austria And in between I do digital forensics Yeah, and the meme artist is on the slide So these pictures that you're about to see our memes and they are not subtle copyright infringements, but pieces of art and There's my Twitter handle So the goal of this talk for me is to give a broad introduction into automotive security more or less Path that I've been walking the past five years my background is in IT and security I didn't know much about automotive security Of course you I saw the headlines and since I'm working now in this field for a few years I thought it might be interesting to have this one introductory talk to everybody Who is interested in this topic? The goal is to identify the most relevant hacks attacks and vulnerabilities that have been out there Of course your mileage may vary so there are numerous sources out there Just go wander on the internet to figure out what automotive hacking is all about and also to Give you your own journey to automotive security Yeah, objectives real-world attacks that have been demonstrated not theoretical attacks What to expect I'll only talk about public stuff. So everything that is found online is linked I also put the slides online you can find them on my Twitter and Every picture is usually linked to the source document so you can walk from the slides and read on the details of all the different attacks and Yeah, basically what I observe there are two groups that do automotive hacking One is the hackers for the fame and the other group is companies for the fame and some fortune So the ecosystem of companies that focus on automotive security is growing and growing And most of the time it starts by some hacker fiddling with their car and trying to get things to work that weren't supposed to work or Have it the other way round What I didn't include is in this talk is the automotive basics So there are numerous talks and resources online check out the car hacking village check out The open garage book about what a camp on bus is how Architectures of components working cars I also didn't include API's because this is just regular IT security securing an API for a car Shouldn't be different than securing an API for Facebook Twitter, whatever it is. I also didn't include immobilizer things also locking systems because There has been tremendous research going on on the megamos crypto system or high-tech to how to basically You're able to steal a car because the security is not done properly in the immobilizer. This is not covered here so I'm focusing on every other component than the locking system and the immobilizers because Regulation demands that every car has immobilizer and usually this is done with some cryptographic Handshake with the key or with a phone or whatever it is So let's start the journey the first time or the first nice resource I found about automotive hacking was a paper from 2010 it was published at an academic security conference in 2010 and Basically what the researchers did is was to analyze how the car works in the inner workings to figure out what a can bus is how you can Relay or inject specific can frames to get basic functionality Just by hooking onto the communication bus. So the can bus is a very Simple communication bus. It provides real-time communication with arbitration, which is a great thing If you would like to have priorities and messages. So unlocking the car probably has a lower Priority compared to detonate the airbag. So this is very useful for most situations and What they identified was that these frames they are not protected. They are not encrypted or authenticated so getting your Debugger or your components connected to one of these buses allows to do all kind of things that are Supposed to be regular functions by the car It's rather easy to do that So you can just hook up an OBD port or any can shield for a raspberry pi And you can work from there to basically just sniff messages and then inject them again and see see what happens What they were able to demonstrate is that you could kill the engine you could apply the brakes and you could disable the brakes just by sitting on the bus, which is kind of the the Goal of all the hackers and attackers to basically Have some functionality Engaged like applying the brakes or steering which can do physical harm because this is not supposed to happen And this shouldn't happen at all cost You can also see down here. This paper was cited 2,000 times since 2010 so Going from there through the work of academics is very interesting because you can see the popular works that have been cited many times often again and again and in the picture to the right you can see that they Pwned the instrument cluster display So in the vehicle the text that is shown there is sent over some bus and they were able to manipulate it and include their own message by Fiddling with the communication content So as I said what they identified was mostly intended functionality So the threat model at that time was that if the car is locked It is considered in a secure state Of course, you can attach yourself to those vehicular buses, but at the same time you can also cut the brake lines or Temple with other sensors if you are physically so basically that was the first work to Show that the regular functionality could also be abused for malicious functionality But mostly because that was beyond the threat model back at the time In the follow-up paper and that was really cool They showed how to hack a telematics unit in one of One of their cars they published it at username security and what was really cool In that talk was that they were able to make that car join an IRC channel for command and control messages So basically 2011 botnets were a thing as they are now, but they used IRC So they connected some component from the car over the telematics unit with the internet IRC So and then were able to submit commands to the car They demonstrated that they could do location tracking. So issuing IRC commands. Hey, what's your location? They were able to exfiltrate audio. So the car had an microphone. They could activate it remotely and get that audio exfiltrated What they also demonstrated was that the update functionality of the infotainment system Was unsigned so every time someone in the dealer or in the workshop They updated the software of the infotainment system with the CD player and thing They did this with an unsigned binary. So basically just tampering with the binary you could root your CD player without actually Having to bypass any security measure They also found and this is really cool a buffer overflow in the WMA parser and they were able to Exploit this over the telematics unit via a phone call So basically what they did is they called the telematics unit because it had a SIM card It had a phone number It wasn't shown to the user that someone is calling the telematics unit because no one would ever do that And then they were able to exploit the buffer overflow in the WMA parser to get root privileges on the telematics unit, which is really cool really the holy grail of automotive hacking because With that amount of control remotely you can do all kind of nasty things and you can see it in the picture It's one of the first iPhones or whatever it is. They're holding a speaker to the microphone and Exploiting the car just like this. I've never seen anything like this again. It's really really cool All right moving forward 2013 to students Dutch students, I think yeah University of Amsterdam What they analyzed was a BMW and they analyzed the telematics unit as well how they did it was they wrapped the antenna of the telematics unit in tin foil and Put an imzi catcher or us rp or some kind of base station fakery next to it and then they were able to inspect and modify SMS content that was sent back and forth they saw that By just by intercepting the messages it works like that If there is a command waiting for the car in the back end the car receives an SMS the SMS triggers wake up of The relevant components once they are online the car connects to the back end Asks if there are commands and then downloads these commands and executes them However, what they saw was that It used an HTTP proxy. It used their own APN their own private online network more or less but There was no Authentication per se so it was a base 64 encoded authentication, which is basically no authentication and they were able to basically Simulate the back end and issue commands to the vehicle just like a regular back end would do for functionality which is part of the car What's also interesting Maybe that was replaced by the proxy But in one request they mentioned that the user agent of the car was firefox 3.5 on Windows 7 which doesn't add up Maybe they saw their own user agent string, but it's really Interesting to see that a car Identifies as a firefox whether it's legit or not. I don't know but I find it very funny Two years later The German ad at sea they took up the work of them or they replicated the work with the imzi catcher And because it's a German ad at sea Germans love their cars. So it's a quite powerful institution They redid this kind of attack. So again, they had a fake base station catching the car and Back in 2013 There was a fleet key there was a key added to SMS's for commands that added encryption and Authentication of some kind. However, there was one key for all the cars of the same kind So it was kind of a fleet key, which is not a good thing if you do it They then published that for unlocking the car the car sends and the back end sends an HTTP get Request unencrypted unauthenticated. So you have the wake up SMS, which is authenticated of some kind using encryption which shares the key and Yeah, basically What they showed was that if you see a car you have to read the win which is conveniently stored next to the windshield You can catch the telematics unit You can wake have it wake up connect to your fake base station and unlock 2.2 million cars Yeah, that was kind of not good. They also showed XML conflicts have been Unauthenticated so the car could be updated for new features or seeded heats for rent whatever it is and that was an unauthenticated XML file and By manipulating that on the fly you could unlock additional features in the same year There was also GM with their on-star system. So if you remember in 2011 There was this remote telematics head unit that Had been hacked over calling it until 2015 GM didn't have a fix and they didn't or maybe they had one and they applied it in The workshops but for cars that never made it into the workshop They had to hack their car themselves more or less to update the software So the on-star system the telematics system. They was never built at the time for software updates They exploited it to introduce update functionality and updated 2 million about 2 million cars to basically Get the fixed software by basically hacking it Which is kind of neat if you hack your own product to have additional functionality That wasn't designed in the first place 2015 was also the year of Charlie Miller and Chris Wallasek the famous G pack which has been Through the media again and again. So for every training I give it within our company This is a must-see of course Because that changed the the entire industry to some kind that it's not a good idea to just add more sim cards But you probably would like to have firewalls and regular IT security features Could be useful They demonstrated it with the famous video where Andy Greenberg was driving on the highway they connected remotely to the car and activated the radio the windshield wipers and Then shut off the engine Very powerful video and very powerful marketing of course for enhancing security in vehicles How did they do it in their 2015 paper? They identified there was a u-connect unit. It was running q and x kind of a real time embedded system This connectivity unit had a 3g connection to the back end and It had open ports Locally over wi-fi. So if you connected with your car over wi-fi You could see the open ports of the telematics unit They also saw that you could do software updates over usb for jailbreaking it. So again software updates were not signed You had to plug in the proper file name and the proper software some basic functionality like Some checksums to identify that it's a legit legit software update and Just by manipulating the software they could change the software, but of course It's not straightforward. You cannot disassemble it right away Take some pain to modify the software But what they then found and this is the the big thing is They found that each car has two ip addresses one of them is for the in vehicular services So if the car spawns a hotspot It connects to a proxy and that is the external ip then But they also saw that the telematics unit had a self announced ip address more or less so everything in the car was using the proper connection But there was also the regular ip address that wasn't firewall. They had to scan two net ranges of Sufficient size and could connect to it because The telematics unit did not expose the open ports only locally But also on the internet interface Which is not a good thing and the the video clearly demonstrates that 2000 2015 was also a great presentation at defcon Where two guys hacked their tesla They identified that of course it's a local linux. Of course it connects to some kind of back end called mothership using a vbm But by local manipulation they were able to ssh into that car and they could do all kind of Nasty things using this ssh connection So they could turn off the car or open the doors Basically everything that is regular functionality or functionality over the app They were able to demonstrate that as well again, you had to have local access, but If you put your car in the dealership You could basically back door every car again and again that is coming in And then at a later point in time go harvest all the belongings in the car or take the cars themselves One once physical access is enough to pertain physical access for the future And again, they showed all the different architectures Every car is different in the architecture and their used components. So One of the first thing most people do is to figure out. Okay, which components are in there What communication buses they use and how could this potentially be exploited? Another work from 2015 also very interesting They demonstrated in an academic publication That aftermarket OBD dongles things that you plug into your OBD ports to have diagnostics or I don't know status messages the things that you do with your car insurances sometimes do that They identified a popular brand and dissected it And found that they have the same ssh key pair on all the OBD dongles and they were sold in the thousands Not a good thing to have the same ssh key because once you compromise one of these dongles you could compromise every other and Yeah, basically they also demonstrated it on showdown 2000 devices By remotely applying the brakes. So they wrote an app They connected to the vehicle to the OBD Port in question This could be done over the internet and then they were able to inject break messages to basically Bring the car to a halt, which is again Endangering physical safety, which is not a good thing 2016 miller and valosex striked again They showed more advanced analysis of their cheap hack And what they were able to demonstrate which didn't quite work in 2015 was some sophisticated techniques to Basically denial of service specific component. So basically what they Observed was that if you put an ecu some component into boot mode into bootrom mode They wait for a software update and they will never wake up again until the software or the car is Restarted or the software is applied Also cars cannot handle conflicting messages So if the message doesn't have a counter or a cryptographic Authentication tag with them, you could simply Inject a contradicting message and the car wouldn't know which message Is the valid one? Some messages had counters and they could because they only increment counters nothing magically They could predate the counters and send the message before the next legit message and thus Prevent the legit message from arriving And yeah, what they also demonstrated in somewhere where there were plenty of cornfields was that they were able to Engage the brakes and steer using the parking assistant. So this is kind of the most physically attack that could Be possible if you're driving on the autobahn And all of a sudden your steering wheel turns to some angle is definitely going to be resulting in a crash 2016 was also the year of keen labs. They demonstrated in a blog post first how they were able to get Root access on a tesla. They did this by Exploiting the fact that teslas always connects to a known wi-fi Which is you can find it online So if you drive up to a supercharger your car will connect To this wi-fi and will ask for software updates and things like that They were able to trigger a webkit exploit So the the the screen in the middle had a browser that browser was not fully patched and By redirecting and intercepting the browser communication They were able to Exploit the browser and because the kernel had been outdated. They were able to Elevate the privileges to root access to basically do anything over the networks because they got root They also presented this at black cat in 2017 And basically i'm not sure if you can see it on on the right, but that's the infamous christmas show video Where they had two cars dancing more or less and blinking with Specific patterns to And they did this by this exploit chain They also said that okay, there's The the software update for the gateways module isn't on is not signed After the publication everything has been signed And also tesla pushed the kernel from 2.6 ish to 4.4 ish So basically based on these public hacks the software security tremendously increased compared to the previous tesla hack In 2018 keen labs did it again. They presented their findings on the tesla x and Because the kernel has been locked down and updated no known vulnerabilities They had to find another way into the kernel and this time they did it with the kernel module for the nvidia tegra chip Which is part of if you want to use your Not sure which component it is, but if it has an nvidia tegra chip that is run in the kernel And there was a bug in tear in there to elevate privileges They also identified that and that's cool If you prepent the signature with some spaces, there's a confusion and the car Rendered the software update as legit even though you just had to add one or two spaces before the signature to bypass that signature check and they also Talked about details on the tesla xmes show In 2018 there was also the Leonard Wooters tesla hack. I know I promised in the beginning. It's not about locking But this is kind of locking because it's really cool What Leonard Wooters was able to demonstrate is that you have to get two challenges from the car So every time you pull the handle the car sends out over Not sure which frequency challenge and if the key fob or any other device used for authentication is able to answer that challenge the car unlocks and He was able to Bypass that by just using two challenges from the car and collecting one response from the key fob built a rainbow table of five terabytes and Basically was able to unlock every tesla because they all had the same Locking system the locking system itself was from an external supplier. So even though this is the famous tesla hack It also infected numerous other cars that had the same locking system implemented um, it used some proprietary crypto dst 40 and You can see on the right the wake-up signal Arrives at the key fob the key fob replies Then the car sends a 40-bit challenge and the key fob responds with a 24-bit response 24-bit isn't that much for 2018 and that's why he was able to enumerate all the challenges and all the responses In 2019 tesla participated in the poem to own contest So basically if you can compromise a thing, you can keep it You have to just publicly disclose the Way and the vulnerability that you have used they The flura at the top team they demonstrated a jit buck in the browser and successfully exploited the infotainment and They won 35 000 k again browser vulnerability Most of the time if it has a browser or if it has a linux car If it's not running on the latest version chances are high that there's something hidden in there In 2019 kinlabs also published or discussed at blackhead their research on bmw They more or less identified 14 cbe's some of them were remotely Triggerable and Demonstrated how they did it and what they did They compromised the head unit. You can see the picture in the middle. They had their own logo displayed They also demonstrated to compromise the gateway and also the telematics unit This is from the slides themselves So basically this is for many modern cars applicable you have an obd2 port which goes to a switch or Straight to a gateway And then you have somewhere you have the telematics you have the head unit and then you have the bus based systems like Controlling the engine controlling the doors windows headlights whatever it is Also controlling things like advanced sensory like you have front radar. You have lidar You have video all different kind of Sensors are now in a car In 2020 A different group from china skyo go 360 group published their research on Daimler e-class. I think it was They demonstrated at great length the different attack factors that they tried and What I like particularly about this is that they also described what they tried and what failed So it reads like an introductory to automotive security Next we tried this didn't work Next next and all the different steps that they Take to compromise the system is outlined in a wonderful report They didn't succeed at windows ce7. So apparently if you buy a Daimler for I don't know how many thousand euros The head unit comes with windows ce7, which is kind of Weird at least to me They they failed at that component, but they Tried and succeeded at the telemedics unit, which is running linux on some arm They were able to impersonate the car and connect to the back end What's also really great about this Presentation is that they used all the big tools that money can buy so they soldered off the nand flash from one of the components And basically rewired it to get access to the content stored in they They used an x-ray for finding the j-tag ports because they were hidden somewhere in between the layers And they also re-implanted this nand chip for Implanting a back door. So basically they took the component out of the car. They took the chip of the pcb They rewrote it with different Software and then reballed it to the component and put everything back together It must have been a tremendous amount of work that went into that And it's really hard to defend against such powerful and capable attackers, of course, you could encrypt the content, but then you can still yeah It's more or less very interesting because of the tools they used Early 2021 there was a tweet by some EA foundation and that was particularly interesting because That was not a talk. That was not presentation at some security conference. It wasn't a vendor it was just a hacker trying to get additional features for their infotainment system and Basically with that tweet he or she described at great length what steps they took to Get code execution rights on the kind of not so modern infotainment system You can see in the picture it runs at 2.6 kernel. It's a Nissan and it's surprisingly it's a Bosch component. So It's a rather old Bosch infotainment system that is not sold anymore But of course it's still driving around in the thousands And in this post he or she described First how to dismantle the infotainment system find the serial ports and attach to them and using The uboot bootloader He or she were able to get read write access to the file system and modify Or at least read the entire file system that is on there Um The surprising twist in this publication then was that by reading the source code and reading all The the binaries and things like that. He found that script which is Shown here below That script assigns a unique name for a usb drive that you plug in So you have an mp3 collection. You don't trust Spotify. So you use plain old usb thumb drives You plug it in and this usb drive is then assigned the mount point and If it has a udu id this usb thumb drive It will get that udu id Assigned as a mount point But if it has a label like a name or things like that The mount point will be created using that label and really interesting part is by having a label that has semicolon dash dash Uh Some functionality or some command you can get command execution simply by renaming your usb thumb drive to a specific name and It's genius because it's so simple you once you have this vulnerability You need to just plug in a specific usb thumb drive wait five minutes or five seconds And you have root and can activate wi-fi ssh. Whatever it is Brilliant tag And of course, it's also very easy to to Defend against because basically you just need to Change that line to not include semi-colons or every Thing that is not a character um to defend against that Another work from Leonard Wooters was Again a tesla hack, but this time the tesla x what he demonstrated was that the and you can see it in the brilliant presentation at Defcon 29 car hacking village from last year and The keyfob itself is a combination of different chips. So you have a bluetooth component in there You have a microcontroller in there and you have a secure element and What he demonstrated was that with this self-built machine He is able to wake up the bluetooth chip of the keyfob Then update the software over bluetooth, which is a usual process and Once the software is uploaded it is checked against Signature with the secure element, but the vulnerability here is that this Response from the secure element was ignored. So regardless of the secure element saying yes, this is a legit signature or No, do not apply this software. It's not legit It applied the software update and installed the malicious software Yeah, with that he was able to extract unlock tokens for for all the doors and Everything wireless you can see it in a brilliant video demonstration You just need to be within range of the keyfob to basically do all the necessary steps for this attack With those stolen tokens. He then approaches the car mimics a keyfob and Sends the tokens to unlock the doors Once he's inside the car. He attaches to the body controller There's no authentication involved, which is surprising But then he could train a new keyfob. So he bought a used keyfob on ebay once he's connected to the To the car He's able to say hey, I have a new keyfob. It's this and drive away with his new car Another tesla hack wineman and schmotzler. They demonstrated at kentse quest how to use Overflow buffer stack overflow over wi-fi to get root permissions on the component in question They showed it in a video you can't see it here But there's a drone and basically the attack is exploitable using this drone Because you all you have to do is send some wi-fi packets and connect and What they were using is conman. It's the connection manager of yokto linux and that had a stack overflow to get root privileges 2021 kin labs again So I didn't know it but kin labs had a run on black hat talks and demonstrations for consecutive years Again and again They analyzed the daimler mbo ux head unit system and They were able to again compromise Everything using a proprietary protocol that is spoken So the attack goes that upon starting the head unit and the telematics unit They exchange WPA encrypted key over the bus. This is unencrypted so it can be sniffed They can then connect with this wi-fi and then Do nasty things and one of the things that was provided by the head unit was The proprietary high q-net protocol. I've never heard it before. I don't know what it is But it included buffer overflows. So basically From there, it's fair game to Basically just compromise everything Yeah In 2021 also At black hat collin of linn Demonstrated that glitching ecu's is useful to bypass protections So usually nowadays you have a ecu That is protected. So you have a jtech password. You have a ur password and by glitching these Password checks, you can get access to the component without needing to know The password he demonstrated in Covet and the the microcontroller in question was a nxp microcontroller with power architecture Which still is commonly used For automotive even though everything is moving towards arm nowadays Early 2020 so 2022 so we're reaching the end of the timeline Willem melching is working for comma ai. He dismantled the steering ecu from his golf It's from 2008. It's rather old But what it demonstrates nicely that It's not only about the engine controller for tuning or the body controller for locking You can also control the steering module simply by manipulating the software on it comma ai the company he's working for is doing a business with that So they hijack the steering and use the I think it's a stereo optical system to basically steer the car on the highway Yeah, very powerful right up because again shows Again and again how you analyze such an automotive embedded component At point to own in may Synecative demonstrated again a tesla exploit. They used wi-fi. There's no write-up yet But they will talk about it at hexagon in In october in paris How they did it i'm really looking forward to that. I really hope it's getting recorded Argus the company Demonstrated at blackhead asia and this is really some high level exploitation That they could exploit using a buffer overflow and embedded automotive components So usually the components they don't have linux. They don't have q and x the smaller components have their own software stack specifically for automotive usually autos are or something like that And they demonstrated that they could use a buffer overflow in processing of those CAD messages To get code execution on that embedded component Really powerful. Um, this is going to keep me for the next one or two years busy Not only to understand how it worked, but also how to derive counter measures Head tip to niels who showed me that that's really really powerful attack Martin herford. He's somewhere here. He's going to present tomorrow on His tesla hex. He demonstrated a kensek west Bluetooth relay attack against tesla 3 so basically with a tesla 3 you have your key in your smartphone and over bluetooth they exchange the cryptographic Dance for authentication And what he showed was that you can do this wirelessly over the internet. So he built two raspberry pies With bluetooth interfaces and one is next to the key fork. The other one is next to the car Which basically allows anywhere to unlock the car There have been two other groups about the same time that showed this one is an academic publication They did it with a wired connection And sold done from ncc group. He showed this two days prior So basically bluetooth relay attack works and He will present tomorrow about his Wonderful vulnerability that he identified Basically there was in If you unlock your tesla with an nfc card It's unlocked a window of 130 seconds where You do not need to re authenticate for example to retap the card to start the engine But what he identified was that There's no user notification of any kind. You can also pair a new bluetooth key And thus have a new car key As a mobile phone paired with that vehicle I've seen Somewhere on twitter kevin 2600. He tweeted that there's a software update now available I didn't verify it if you're interested in that go to his talk tomorrow It's a close proximity attack and you need to have someone tapping with the nfc card for Entering the vehicle But once you see this you can pair a key and you have a new tesla really really impressive Yeah, that's about it. Um This was the really rushed timeline of automotive hacks that I find fascinating Usual disclaimer do not hack cars. You might hurt yourself or others. You should know what you are doing And if you would like to be informed twitter, of course has plenty of resources. There's the asrg The automotive security research group. They are hosting an online event. I think it's in september It's called secure our streets and it's will it will be an online conference dedicated to automotive security And there's the car hacking village, of course defcon is around the corner and i'm really excited for The things that are going to be published there with that. Thank you very much and happy to answer questions Martin, thank you very much. There was an excellent concise Overview of everything that happened in the last few years in car hacking and i'm i'm i'm really happy to see everything Just going on and and and people working on the security of that Having said that any questions could you come to the middle and talk close to the there's a microphone here next to the pool Stand closely to the microphone and use that test. Yes Um, i'm not quite sure how long it's been, but i remember there was a chinese group Hacking a tesla rain sensor camera with General adversarial network attack. Yeah, it wasn't in the hacks. So was that like too boring or what's i mean k? There was no access good question the what they managed is to confuse the recognizer for street and Things like a stop sign i didn't include it because It's really modern and i wanted to of course if you build such a system It should be obvious that you could trick it to some extent But it didn't include it for Time constraints. Yeah, okay, because i think like the visual attack vectors Stay will be a big role and as you said also nobody's securing stuff on the lower level So yeah, absolutely and all those camera based systems. They are connected using ethernet because calm bus is way too slow Hackers love ethernet. So let's see where that goes Yeah, thank you. Thank you for the talk I saw that you are Lamed with the kernel versions which are in the system. So do they get updated on the lifetime of the car or does it have the More or less all the software components from when the car was designed This is going to change so for Vehicular rich now For getting a type approval car manufacturers now have to prove that they have some kind of update management So if you build a car and you want to have a type registered in UN ECE which is more or less whole of europe South africa South america South africa australia and things like that You have to have a concept at hand how you will be able to update the software. So it's not mandatory To update the software. This is of course an economical question. Of course, it's cheaper to do it over internet or any other mean But i'm not sure if it's obliged. You just have to demonstrate that you have an update concept And this will get more and more. So everybody is attaching sim cards to stuff like crazy We will get there that a car will update itself overnight Thank you. I've got one question myself As a user of a modern car My eldest already told me earlier with my former car It's nice that you use that obd port but take it out when you're not near the car because someone can hack into it So yeah No more than I did any other hints and tips for people What to do and what not to do with your car Good question. So every car is different. You should know at least the wireless things that are going on You should understand if you pair a new car key over bluetooth That at least you should verify that there's some code you have to enter things like that You can understand the apps that you are using. So if you use an android app Pipe it into one of those analyzing frameworks and see what they do what requests they do Besides that neck the manufacturer they they have the all the knowledge and documentation And also things like the german adiate. They know how to secure things physically Thank you Oh, there's one more one more. Yep, and but I'm going to ask for that applause but one more question Which is one quick question So since they are now popping up a lot of small companies that build electric cars because you need to don't need that Mechanical drive shaft and all that stuff anymore Are you aware of any company that kind of tries to build a secure car open concept wise? Maybe something like that because there's just all the other stuff It's going to end up like smartphones with bloatware and all the other shit. Then I don't want that Yeah, it's more or less about the time of market So if a manufacturer is really keen on hitting time to market early They will take available components block them together and not put much effort into changing them On the other side if you have a robust background and Robust knowledge of a vehicular chances are high that you have a concept for security and key management and things like that So I expect that New companies that make an electric vehicle They will do the same mistakes again and again just like all the big ones did But eventually we'll get there every supplier will be Required to do security Updaterability things like that. It will change Yeah, it's more like is there like a offline per design thing that was like I don't know any It's all about convenience and apps and I like that sentence eventually we will get there and I think let's keep it on that for today Ladies and gentlemen big hand again