Konferenzen und Rahmenprogramm
Be Secure and Never Use /bin/dd Again: What IoT Developers Can Learn from Automotive OTA Updating
Every team making an Internet-connected embedded device knows they're going to need a solution for delivering software updates. Every security engineer knows that software update systems are a very high-value target. And yet, we still see new devices come out with no way to update, or update systems that repeat mistakes of the past, like relying solely on transport security or not planning for rotation and revocation of software signing keys. The automotive world is starting to come around, using the Uptane framework for delivering firmware updates to vehicles. What can the IoT world learn from this? In this talk, we will briefly introduce the threat model of Uptane, and how it provides both resistance and resilience against known attacks on software update systems. Then, we will show how Foundries.io adapted libaktualizr (an open-source Uptane-based client for automotive use) to suit IoT devices, and the surprising development workflow efficiencies that were gained "for free".
--- Datum: 25.02.2020 Uhrzeit: 17:30 - 18:00 Uhr Ort: Conference Counter NCC Ost