Jagor Čakmak | Attempt of secure development in automotive

muted myself please mic okay hey hi all uh I am yagur coming out from remas technology I've been you know most of you know me I'm in this community now for 15 years and something uh I did a lot of things R&D instant response back in the day with Carnet colleagues uh and latest uh before my Automotive life in infigo pen testing mostly pen testing uh and now for the last 3 years I am doing uh automotive security uh for me car is a thing that goes from point A to B and nothing else uh but I like technology so why do we do this in automotive uh well actually United Nations said the this discovered that cars are big

computers on Wheels and they can crash into things when get hacked so there you have this like document United Nation regulation number 105555 sorry uh with big United Nations stamp uh that says that you have to take care of the cyber security while while developing vehicle uh two and a half years ago I talked in bides Vin about the cyber security of connected cars and ecosystems today we'll go a bit deeper uh into development itself but bottom line um for those who who don't know nowadays you submit your crash test report that car won't crash you and then you also submit your pent test report uh to the homologation body and you cannot put a vehicle on the road

without that we do technology we uh in rem technology don't do the whole vehicle we do parts we do uh batteries inverters uh Power Trains battery Management Systems a lot of different things uh and we have to adhere to the those boring standard of iso 21434 uh which ensures that which ensures that we took cyber security in mind when developing our products which then go in the vehicle because vehicle any vehicle my most cheap Volkswagen outside has a lot of different computers inside that need to communicate each other and in case also of my cheapest Volkswagen now it's connected to the internet I have an app I can connect to it that means that well

basically can get hacked a lot of things got hacked uh and now cyber security is a really big Topic in automotive but Automotive does not know how to develop things fast and Automotive has a really different perception of software development than the rest of the world uh because of two constraints um one major one well the vehicle can kill you uh the second one is that uh it's hugely expensive because it involves millions of uh devices that are somewhere you don't know where so if something goes wrong you cannot easily update that now I mean we're just starting to have the un and software overd updates um like Tesla is the Pioneer of this whole e new

ecosystem but uh what do Automotive know what Automotive knows that how to make software and Hardware uh in a way that it doesn't kill you so they decided to take an approach similar in a way that uh they approach that car doesn't kill you to take care of the cyber security people who take care that the car doesn't kill you are called functional safety Engineers uh and they ensure that uh there is no sudden movement of the car and that that your tempomat uh does not go to the 200 kilm an hour without any actual input uh those people their their first step is this Hazard analysis in risk assessment basically they take a look of

the whole vehicle and then any subsystem in the car uh to see how it how can it harm the passenger inside or any other person on the road uh and then people in automotive industry said okay fine we are going to do a similar uh approach for cyber security that means that we have threat analysis in risk assessment while they have Hazard analysis in risk assessment uh they have some safety levels some some safety uh um not all components are same on the same safety level let's say your radio in the car is not necessarily on the same safety level as your emergency break right emergency break has to have failovers and you can believe what it

has to have like full State machine description you have to know all theault all the error State all the fault States and how to behave it there is there is no it has to be completely deterministic uh on the other hand obviously your uh apple carplay does not behave in that way uh same thing goes for us there is a cyber security risk assessment which takes into consideration the impact uh for the customer in our case because we produce the V uh component that goes into the vehicles it's go feasibility like okay fine we can hack it but what it takes to be hacked uh and the risk level so basically is it annoyance or it will

kill somebody and from there going go it goes further and further but the bottom line from there we Define uh something called cyber security goals those are like some broad statements that says um what you want to achieve with the cyber security and Automotive uh and then you go for the cyber security concept architecture and then design and cyber security controls and what I want to show you in this talk is how we start with that and how in the end we actually test for the cyber security what we do um us and now everybody else in the automotive industry so you take one component in mind let's take powert Trin we will examine power Trin because it's

from cyber security perspective it's relatively simple you have usually one major input which is SC buas it's a communication interface that goes over the inside the are uh that's a network which is defined 30 years ago and all those nice things that we know in the cyber security world for the it we do not have an automotive meaning we do not know who send the message you have uh we do not know for sure easily was it me uh who who sent it um or maybe was it replayed it's it's a difficult questions the reason why now now Automotive goes now easil some somewhat to the automotive ethernet which has all the things that we know but although the

broad throughput of the can network is not that big it's really fast and response and you want that uh when you have a crash and you want airbags to be activated right um so what what are the like basic functionalities from communication standpoint of power train I know it it controls the vehicle that it doesn't vear off right uh it communicates with inverter inside uh if for an regen regenerative braking uh it needs to communicate with the battery management system to see how to when and how to charge the battery uh if there is some fault it needs to bring up the light like those light switches behind the dashboard that something is wrong um

so actually although it's relatively simple device from the cyber security perspective and there is only one communication interface usually on it there is a so many feature communicate communication Network features on the device itself that you need to take a look so this one is interesting for us let's say uh well basically function it transmits drives driver's acceler accelerator input as a torque request so on any let's say ID3 you push the pedal it's not physically connected to the inverter it it sends a message it sends a network message please give me more power and then the power train says okay somebody sent me a message that he wants more power and and it goes faster

right uh you can see now what with what I said before we don't we by default we do not know who sent this message so uh in can Network so there is an extension above it and then we start okay this is the threat analysis for us we have powert Trin uh there there is some communication there is only one communication Network for which we are responsible here um what is the threat somebody can come in and record communication and then replay the messages then we extend what is needed to be done here to somebody achieve this either compromise the some other device in the network of the vehicle because remember now all the vehicles are connected to the internet

or gain the physical access to the actual wires uh and then from there you grow your tree and this is just for one feature uh so for example we can gain physical access to canbas okay how do we do that there is a actually one standard way which is in every car that is OBD Port you can connect to and try to see error messages or you can maliciously do that and clim the wires somewhere right uh but on the other hand if somebody manages to compromise another entity in the network he can maybe sniff traffic and see what's happening um this happened in those the most famous case in 20 5 for your standard uh

Jeep Su family SUV what happened when you not connect to all the things bottom line um they had Telemetry unit exposed to the internet which they didn't patch uh and some some uh remote procedure call Port was open and if you were on the same Telecom Network you can just end Map and find all the all the all those devices on the network use one Pyon script from exploit DB get on the device and from there you're you're on the inside of the network of the car normal network of the car should have some cyber security controls in place because as we are doing this for the one component because we are component uh manufacturer the let's say Volkswagen or

I don't know Toyota needs to do this on vehicle level for each component and they have to do whole network to see what of the interactions what's happening and this is possible in vehicles because it's relatively stationary Network you if there is a change in a network change of the communication of the network you you should know about that it's not like in it systems where you update Chrome and your EDR starts behaving weirdly because there are some weird calls around the network um so what happened for the for the Jeep uh they compromised infotainment from tele Telemetry unit to infotainment and then from infotainment they uh managed to update what's device that called cyber

security Gateway which was not cyber secure because there was no digital signing on the device and they managed to patch the firmware and send the message to the internals of the vehicle for example to the powertrain and when you all have this in mind that we are developing one component here but we need to be prepared that in case that there is a compromise of existing Network um or the wireless attack Vector uh for the components which I plac here maybe not for the uh power train but if you're developing infotainment if you're developing Telemetry unit even some weird stuff there was some uh Wireless attack on the those tire tire pressure sensors because that sends wirelessly

data to the network uh so you have to model everything but for us for this case everything goes CM down that okay fine uh somebody will manage to log the data that is sent in the network and then what obviously they need to analyze it those this data is not publicly available um of security to security which is not uh um so they need to figure out how the network works so you you what usually you have as a manufacturer it's some something called can DBC it's a can can message database where you describe all the messages so you you reverse engineer your K DBC and try to figure out what message uh means what

how do you do that uh in The Brute Force way there was a actually excellent uh presentation besides Oak two years year ago two years ago where the one of the car guys from the car hacking Village said how do they do that well they basically plug into the can Network he Rent A Car plugins to the network and start fuzzing and hopes that something will happen and what happened to him is that he managed to get autometers from a rental card from I don't know 2,000 km to 9999 kilm and then he had problems with returning the car to the rental company because he made too many kilometers so yeah that's what we are

fighting against amongst other things right um so how do we protect for that um obviously now we said okay we really don't want to have a situation where somebody's able to replay a message or for more torque for basically go 200 km/ hour now uh so we need to make ensure that uh we know who we are talking to that at least you can we can only uh receive messages from the the one component that we know that we are allowed to receive those messages and nobody else how do we ensure that there is actually let's say new layer on top of the communication on the K Network called SE SEC secure onboard communication fine check okay checkbox

now we move moved forward we will reduce the Threat Level like that what we introduced message authentication codes time stamp encounters challenge response mechanisms session Keys maybe rolling codes or maybe in more more advanced way H Max not just max but now now what we have introduced into the system cryptography because and random number generators because through true we have to have true random number generators but like where do I store session Keys now well that means that I have to have a new device inside my device now I have to have HSM now I have HSM and then I don't want you guys to take my device and all you hackers here and me in my previous job and steal my

secrets because if you steal my secrets it's not just an update I have to recall my clients need need to recall all the devices uh back to the workshop to be reconfigured H okay we have a new problem in place that's disclosure of cryptographic keys where do we store them uh well obviously now there is a physical access to the device uh and you actually physically access to access the device how do you flash how do you change memory how do you read memory you need to read memory if you want to update the firware of the device that's something called UDS uh and that's a legitimate function of any any ECU uh there is a jte there is a

debugging Port because you need it in at least in uh development there is a direct memory access uh with those like pins and everything um and maybe even disordering the the chip itself and doing the memory analysis okay now we have new layer one more layer of the complexity and we're just talking about one feature of one device um okay to to use this there is a hardare fault injection there was some really good papers and really good talks how they manag to avoid uh with currency injections uh on the on the micro to step over the authorization of the UDS what do you do then you introduce a new separate chip which is the uh made not

to be uh vulnerable to that which is basically HSM um and then okay we need to store data in HSM that that adds a new complexity again we need to store we have to inject the keys into the device somewhere it's either on the end of the line of the production or in the chip manufacturing itself if you're a really really big vendor then you usually talk with the chip manufacturer itself which will then uh put keys inside while making a chip uh but that means that you have whole backend infrastructure which we have which is normal it backend infrastructure which deals with key injection facility key storing and all those things that you all guys know from the bank business and

especially car production business how do you handle the keys right so yeah and our now our let's say greatest feere is the extraction of the private keys and then we need to calculate is the investment into the HSM in the chip how how much how does does this brings up the bill of material cost and how much would it basically call us cost us to recall the device the shame that we got hacked and everything else because it's not easy not so easy um what you see here that is the code is really interconnected with the hardware so we cannot iterate really fast it's really hard once we decide for the hardware we have to build from that

there is no easy fix okay we'll just change configuration no like you chose microcontroller you chose HSM you drew a board there is a like 10 people uh which man which did the simulations of electromagnetic uh radiation on the on the board to make sure that everything is okay the the heating resolution so for example just the task of removing jte uh jte condu of the board is not that actually simple because you will change the electromagnetic uh properties of the board um one really cool tool that we are actually is one of our sources for this whole structure uh is the embed framework it came out I think last year uh so you can for any embedded device

you can like choose what you have like does theice does include does device include microprocessor yes do you have external memory storage yes do you have a boot loader yes uh and so on and then it goes like attack matrics similar I mean uh and it says which are applicable threats for you so you have to model all those threats take care of them and from there derive cyber security requirements and mitigations for example for boot loader secure if you have a boot loader that means that you have to have secure boot loader secure boot loader requires Hardware root of trust how do you achieve Hardware roor thrust uh and now we here this is this is up this upper part

is just one small snippet of our uh attack three for just one device which is not that complex from cyber security perspective and there is more actually uh but now we're here we saw what are the threats and now we can Define the goals uh our let's say one goal that we can have is uh if one vehicle gets hacked that not all vehicles got hacked immediately so that means for example specific Keys per device um from there we didn't Define cyber security technical concept that basically means um higher level requirements from there we Define software and Hardware cyber security requirements in your from our perspective we have let's say our own We Are One stakeholder in

the in the whole ecosystem our clients is client is another one uh what that means uh recall let's say compromise of those those crypto Keys is really high problem for us but if the client is not owner of those skis maybe that's not so high problem from from him but he has other perspective but let's say that um when you go for the technical requirements and when once you agree with the customer we are talking about between 500 and, plus Cy full technical cyber security requirements which software developers need to implement and you have to have you have to track it somewhere somehow that we achieved those level of cyber level of cyber security uh Assurance whatever

that means but but with that paper uh our clients will go to the homologation body with all the all the all those papers is similar manner done uh as we are doing for each of those components in the vehicle they will go with a stack of papers not hopefully not actually papers to the homologation body they will put it there okay this is our documentation and this is the crash test and this is e ecological test can we now please put the C to the market um so this is the structure that we got from the pre all the previous slides there is some generic goal we want to prevent unauthorized access to the vehicle

powertrain uh we claim that we manage to ensure that only authorized entities meaning us can communicate with the that ECU then requirement says Implement message authentication that SEC uh use secure boot that uh firw doesn't get compromised and changed as in Jeep hack uh that there is some certain roles because maybe at some point in time uh in 10 years have in mind that that vehicles are on the road for 10 plus years and we need to take take that into consideration that in 10 years maybe we'll have to roll the keys but not everybody needs to access have access to roll the keys and from there we defined like fully specific things like that

message needs to be signed by H hmax sh 256 and so on um totally F funny thing uh year ago C GPT didn't know anything about automotive security Now it knows so you can like do ex generic examples with that um and now once we have requirements then we go deep down uh into the like how do we actually Implement boot manager how do we communicate for the keys how do we exchange the keys and so on uh um this is documentation from one really big vendor publicly available uh where they describe how how their uh libraries do and how the whole system communicates um and there is a lot of that so remember up to thousand cyber

security requirements that need to be covered technically for one one project which is not so cyber security hard to do in a sense I cannot like if you go for infotainment which is has Wireless Bluetooth uh USB port complexity goes out of out of the the blue so once we hopefully now developed we go for the other side of the V model that's verification and validation uh interesting thing is that um that ISO standard that I said in the start actually States this in that this is what you need to do functional testing you ensure that authorization on the device actually works uh vulnerability scanning which is topic by itself uh fuz testing literally says you

have to fast test and you have to do penetration test um vulnerability scanning for the embed device is really hard and it's not so easy because uh most of the the code is either proprietary and scanning of the interfaces is not so easy without like deep knowledge of how things work there is no standardization for the most part maybe in some other parts of the embedded world it is but automo not so much because vendors will specify how communication needs to work because they need they will buy something let's say from us from Bosch from Continental from I don't know infinion and all those things need to work together so they make a specification which is specific

to them uh what we see in the market now is that a lot of companies are rising and doing some scanning and now fast testing and penetration testing services for the vehicles and and components of the vehicles um we are trying to build our own fer because all the tools in the uh what we saw are not good enough let's say uh low sitting here helped me before with that so thank you we still using it and developing uh but B basically what we do uh um we try to so we know what we put inside that's the difference it's not completely Black Box fuzzing uh we know that's DBC file we know what are all the

messages that can occur so we use that we uh test it we parse it we get all the can ID we mutate payloads we try to do like bit it's it's still most from the perspective why like modern fuzzing is still more or less simple bit flip B swapping in deletion of bytes random random inserting Randomness uh while maintaining or not maintaining the structure needed for the message itself depends what we want to achieve um and then from that it goes to the socket can library from that it goes to that small device which is called Peak can and then it goes to device one big big problem with this this whole setup uh unlike the it system you can

cannot easily or some most most often you cannot emulate the device because it has sensors it it expects some communication in the background um there is huge hill rigs so there Hardware in the loop uh which simulates the networks of the vehicle where you need to simulate that and then for you you'll use uh usually proprietary debuggers that are made by the chip manufacturers where you connect to the JTAG and we try to monitor for the changes in the like registers and uh flow flow of the code um those those those things are hugely big and expensive um we would like to find a way which is like more open source um and yeah we we're fuzzing like

we leave it for like I don't know week or something we and we manag to crash a lot of things um similar as in uh it there are layers there are there are layers of code which were written by our developers there are layers of code which is like kind of like OS you don't as a Sim in a way that you don't want to write internet Pro protocol each time you do a network communication similarly don't want to write each time the basis for the can network communication so you probably use some libraries and then between like things can happen between these especially between between those two layers um the issue is speed we are working on

improving the speed as much as we can uh but yeah it's work in progress hopefully actually we'll open source it at some point when it gets bit more stable um and then we move to the pen testing pen testing is kind of similar to the your normal pen testing but with uh any with additional Hardware layer let's say the business logic can still occur for example there is a can message that says read me part of the memory because in that part of memory usually usually is that some some log message and then you do buffer overl there or you read bigger part of the memory than expected and you manage to read let's say cryptographic keys if they're not

stored properly in some secure place that actually happened think about that again Jeep uh so that that logic still applies but you have additional layer of JTAG uh test points because when the device is on the done when it comes out of the production line there's supposed to be some test points where the you can check the quality that everything works and uh for example maybe from those test points you can actually access part of the memory to see that uh because you need to test that everything is there but from penetration test penetration testing perspective that's like really nice entry point um and yeah thing happens things happened uh it's not uh that we are doing that in our

separate bubble um like Lexus Toyota hold hold those uh their Wii sorry their Telemetry unit Pro Telemetry unit provider got hacked and you can do betting with the cars uh for says cars with Wi-Fi vulnerability are still safe to drive um on the other hand uh this one on the right side because that of that regulation Porche decided to stop the sales of Maan SUV uh earlier and wait for and they had a gap between the earlier version and new new generation because they couldn't prove to the homologation body that it was good enough with cyber security so uh and the thing that you I like all of you can think um and I mentioned that in

Vin in we need to patch those things there is like there is an end of support for Windows 10 there is now end of support for your car and the big question is what will happen like no is sure when end of support happens then what uh this kind of doesn't apply to us because we need to support our oems but it's more questions for the O um when until when they will provide security updates for your vehicle and uh what will happen now usually what they think at some point let's say 15 years time they will say no security updates they will cut you off from the internet and your internet connectivity won't work um and that's why you can also see

those all bizarre subscription thingies in the vehicle because how do they handle software development from it perspective of let's say our mobile phone that we all now expect that we have in a car because each time you have an update those guys that test the test the component that doesn't kill you need to do all the things again and again yeah so uh life it's a development with real life uh impact both from cyber security and uh functional safety because it can slam into the wall right if you if you do our job badly yeah that's it any questions and there your mic thank you y the gold one thanks a great presentation by the

way uh so you mentioned that uh some things can come over the wire some things can you know be a physical uh misuse and maybe uh you know dising something and you know tapping some jte or something to actually do some harm on the car so and you were mentioning like um uh systems for holding craic keys and so uh do now these requirements required that these critical systems or chips or whatever have some kind of temper proof detection and that you know if you try to mess with them you know they get you know fried or stop working or any kind of you know temper proofing for those devices so that for the the attacks that

are do not come over the wire but come physically you know the car itself would not allow this or would get you know not useful after that yeah okay that that's the idea yeah so but in uh think about it like this in in that case that means that somebody will actually like come come inside and put the top plate take out the the device top remove the top plate dis hold or something that and you need to have time to actually put it back together once you did something bad and put it back so I mean from my perspective yes to to answer your question yes that's why we have hsms and uh the second topic bigger

maybe topic for me is that even if this occurs uh even if they manage to get something because at that point they disassembled the vehicle uh but the knowledge they received from that one should not be be able enable them to hurt another vehicle which is still on the road yeah or we saw that these kind of things you know broke DVD players Blu-ray players because it's a trusted client issue you know once you get you know the manufacturer Keys you know all bets are off basically yeah I mean so the idea is okay fine you manage to break everything you sold it back a new chip I don't know find some vulnerability and you manage to update

your particular ECU with something new that is not ours let's say uh even if you manage to do that you should not be be able to do it on other vehicle without repeating actually the whole procedure again yeah last thing uh so since you said that it's extremely uh you know for the safety perspective of it you know it's very important that you know the functions basically work and uh so is there any kind of idea that you know the basic functionality that once were formally tested they're baked in into some kind of you know I would say like a backup you know fpga or something and that you know if the system detects any kind of anomalies like potential you

know hack or something you know those things are basically just wiped and you just default back to the original factory setting for old car safety features there are two concepts uh you can apply here so one one thing is that actually is is ongoing regardless of the cyber security and for the functional safety part is that there is ongoing for example some uh redund sorry check of the integrity of the whole memory and if they see that memory has changed then they will raise a flag uh and your dashboard will light up actually and in the modern times that that data will actually go to the vehicle security Operation Center because that's now I think and then you have may on some

devices if manufacturer if the if the client specifies they can have a Ab uh part of the memory when then you swap if the B memory is still intact then you swap back to the a So yeah thank

you thank you I didn't say sorry hi just a quick question when you're sitting down to consider these types of threats do they do you have some sort of formal system which helps you to sorry do I have some do you have some sort of formal approach or system which helps you figure out or you just brainstorm and everybody throws idea yeah this could be yes and no um we use our previous experience as I said my previous experience was pentesting uh at moment currently there is no let's say for okay there is a let's say minimum set of things that you need to check which is provided by the standards that's not nearly enough

and that's not updated enough so we try to track a lot of things on the with researchers but for example unlike uh subscription Services now that you can subscribe an it for threat intelligence there is no as far as I know there is no let's say threat intelligence with the automotive there is some uh attempts there is now Automotive vulnerability database simil similar as as a standard vulnerability databases which is set up by Trend Micro uh there's like we are going in that direction and uh there is a there are tools to threat for threat modeling which are use some formal like it makes you it forces you to do formal methods um but when we asked all those

uh like okay you provide a tool but where from where do we get the data they're like on your own so yeah um I would say we're couple of steps back from the and the that embed Trail the um attack three from the embed framework that's completely new that's and that's a big step forward in some formalization thank you really interesting I like to ask you if one day I can be invited to to try you can anyway um I have a question um the aviation industry is facing the same uh let's say topic yeah I guess approaching the same threats and uh essentially what I've seen is uh the the car the automotive industry and the aviation

industry based everything on a sort of flat Network where you attach some modules somehow more yeah so uh the question is uh what about uh the compromise of the supply chain and what about what if um you have a and Insider who will share all your sensitive information I I I was uh okay there there's two questions here one do we um yes modern all modern cars have separated networks so five six seven I don't know uh there is like your uh function safety relevance part of the network and no messages should be allowed let's say from the infotainment of telemetry unit to that they're actually usually they're in the middle let's say there is a wall kind of device

which uh filters what goes where uh so yeah um in this probably I guess the same goes for the aviation that they have some let's say function safety part of the network and there is the other part of the network in pretty much in a similar manner as you would do a DMZ and like your core Network um the second part of the question sorry I forgot if you have an Insider please ah okay uh then uh I would be I'm trying to behave and we are trying to behave as I would I we are we were behaving in my longtime previous life in C card business so you will have your crypto keys and HSM on the back end so nobody

can actually access it like dual controls and stuff like that yeah uh on the other part if some developers get mad and put code inside yes we have uh code review and everything else like that um there is huge now business in similar Manner and as we there is an it for software decomposition uh which kind of works it works good for the infotainment stuff uh for Telemetry units because mostly they're on Linux Linux so for fully embedded it's so it's really hard to do because it's like one blob of binary code uh and it's specific the structure is specific uh to the microcontrol you're using uh um but if you're wondering where the Blackberry as a

company is it's live and kicking in automotive actually they have a solution for let's like a hypervisor for your for your core device where you have isolation with the containers like and they actually have a product which does the software DEC composition that can you can use if you need it again I I'm looking that from different perspective because we are the one who build the code but if I I was automotive manufacturer and used receive the binary from somewhere then you should check as much as you can thank you um thank you for the presentation it's great uh one question if I'm a hacker I want to earn money so what's your opinion what could be the worst uh

scenario if I obtain uh let's say if I obtain enough information is it possible to block like all the cars and ask for ROM for manufacturer or um yeah I would say so I had this discussion uh a couple of times and I was I was in gurg for some connected vehicle uh conference there and we talked about that on the launch and we all agreed that the money is not in attacking actual user of the vehicle because for me my vehicle stops working I'm highly annoyed I'm angry at the company but bottom line I will go to the service shop and say fix it and they will re probably ref fles need to refresh everything and from my p as and

user perspective most likely the event will be as a some big problem with the engine I don't know or gearbox whatever something oh my Axel broke down because I speeded over the bump um but that's a if that scales that's a huge cost from the for the oems for the manufacturers and then I think if you manage to get into the position that you block if you break break the vehicles you can extort the manufacturers for the money and say sorry like give me a million or you will have a cost of 100 million to recall all the devices uh yeah so I I think that's the crime perspective that's possible but on the other hand it doesn't need to

be crime perspective we had a colleague with the brand new car of from Volkswagen group he clicked there was a popup it it was update he clicked update and the car [Laughter] picked thanks any hands no um there yeah at the back yeah

yeah hi thanks for the presentation it's really interesting to see uh just wanted to ask you like um do you have any easy ways of disabling internet access and general connectivity uh of the cars when like in 15 years as you said no one no one's going to be patching them probably and I would really like to have my airbags deployed instead of it mining crypto or stuff like that um I'm kind of wrong person to ask because because that's not what we're dealing with uh but there is a concept of fuse registers um so you write only once and it you cannot so once you write something in you cannot change it the Tesla I saw some presentation online

basically for example Tesla uses this technology to um want to fuse the production Vehicles so the they for their employees I think have um let's say test Vehicles where you can more easily up update things and maybe even even more importantly roll back updates which is not possible on production vehicle uh and then you fuse do like fuse the register and then you cannot do it anymore so I I kind of expect it's a software command for a physical thing so I think probably the same thing will happen there do you maybe think is that like a practice that that's uh currently used by automakers to plan for like when they don't don't plan to patch things anymore I'm not

sure that they I I mean they're supposed to have some plan they're not sharing that with us um because that's their internal secret knowledge uh but I what I know when I talked some to some OEM manufacturers is that uh it's a huge issue for them and they're not 100% sure how to do it um sorry OEM manufacturer original equipment manufacturers um so we are tier one supplier to the pro car production companies what you think of car production companies like uh big those big groups in our world of it that would be more like integrators they kind of buy everything from everybody else and they integrate it cool thank you this will be the last question

because we have six minutes to next presentation so uh see you later and take youer thank you