Have you ever wondered how microcontrollers in vehicles manage memory access behind the scenes? This episode sheds light on the Memory Protection Unit, an essential yet sometimes overlooked hardware layer designed to stop unauthorized reads, writes, and execution. We revisit fundamental principles—like differentiating between the Core MPU (CMPU) and the System MPU (SMPU)—and explain how each can become a target for cyber attackers.

Through detailed automotive cyber security case studies involving two newly discovered vulnerabilities, we reveal how a privileged attacker might disable the SMPU entirely. When that happens, carefully drawn security boundaries collapse, exposing critical sections of code and data. The conversation further explores how incomplete hardware locking mechanisms can nullify protective features, leaving devices open to unexpected exploits.

Despite these alarming scenarios, there are proven strategies for mitigating threats. We discuss testing every crucial claim in the datasheet, adopting multiple layers of security, and monitoring vendor errata to stay informed about updated countermeasures. This episode will challenge listeners to question assumptions and take a closer look at an automotive security architecture often assumed to be rock-solid.

Chapters:
(00:00) Introduction to Automotive Memory Protection Units
(01:43) From MMUs to MPUs
(03:08) The MPU: A Modern Day Cyber Sentinel
(05:18) Protection Units in the Automotive Domain
(08:09) Types of MPUs
(08:21) Core MPU (CMPU)
(09:01) System MPU (SMPU)
(09:54) Peripheral Protection Unit (PPU)
(11:54) Some background: The PowerPC architecture
(13:23) The MPU Vulnerabilities
(14:48) The Core MPU and its Limitations
(17:06) The System MPU (SMPU)
(19:38) Configuring the SMPU
(21:50) The SMPU Vulnerability
(23:10) Disclosure to STMicroelectronics
(25:55) Disclosure to NXP
(28:05) MPU Mitigations
(28:55) Concluding remarks
(29:48) Outro on the MPU PlaxidityX Case Study

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

This episode explores AI’s transformative role in automotive cyber security. As vehicles become increasingly connected and autonomous, cyber threats have evolved, but AI provides the precision and speed needed to counter these challenges.

Join us as we unpack the critical role of AI in protecting modern vehicles, from anomaly detection to sophisticated threat investigation using generative AI and large language models. Additionally, we discuss the dark side of AI, where attackers use it to create adaptive malware and targeted phishing, raising the stakes for cyber security in the automotive industry. Listeners will discover the power of generative AI (GenAI) and large language models (LLMs) in revolutionizing threat investigations, enabling quick identification of vulnerabilities and predictive analyses of possible attack scenarios. We also cover the benefits of XDR platforms, which integrate AI to offer holistic security for connected vehicle fleets.

Whether you’re in cyber security or the automotive industry, this episode reveals how AI innovations are paving the way for more secure and resilient vehicles. Tune in to discover the latest advancements in AI-driven automotive security and the proactive measures required to stay ahead of evolving cyber threats.

Chapters:

• (00:00) Introduction to AI’s Role in Transforming Automotive Cyber Security
• (01:17) The Value of AI in Automotive Cyber Security
• (03:17) AI-Powered Anomaly Detection in Vehicle Data
• (05:17) GenAI and LLMs: Revolutionizing Threat Investigations
• (08:27) The Dark Side of AI: Powering Advanced Cyber Attacks
• (10:04) XDR: The AI-Driven Defense Against Evolving Cyber Threats on Fleets
• (12:15) Race Against Time: Automotive Cyber security Must Evolve or Be Left Behind
• (13:13) Outro on the Critical Role of AI in Protecting Modern Vehicles

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

Intrusion Detection System Managers (IdsM) play a vital role in modern automotive cybersecurity, addressing the challenges posed by complex security events and regulatory requirements. IdsM solutions filter and standardize event data from AUTOSAR and Linux ECUs, reducing inefficiencies in monitoring and analysis.

In this episode, we will explore how challenges related to fragmented formats, limited ECU storage, and escalating data volumes are addressed by IdsM. By filtering irrelevant events locally, these solutions enhance fleet automotive security monitoring while reducing costs.

Join us to discover how PlaxidityX’s IdsM for Linux provides OEMs and Tier 1 suppliers with faster time-to-market, reduced development costs, and an enhanced approach to securing connected vehicles.

Chapters:

(00:00) Introduction to Intrusion Detection in Connected Vehicles
(00:43) Regulatory Challenges & The Need for Security Event Monitoring
(03:36) Introduction to Intrusion Detection System Managers (ITSM)
(05:12) AutoSAR vs. Linux: The Standardization Gap
(06:13) Cross-Platform ITSM Solutions
(07:07) Key Benefits for OEMs & Tier One Suppliers
(08:13) Wrap-Up & Closing Remarks

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

The rise of CAN injection car theft has introduced a new level of sophistication to vehicle hacking, allowing thieves to access the CAN bus. In this episode, we discuss how this technique allows hackers to tap into the CAN bus through exposed wiring, sending fake messages that bypass security measures and immobilizers.

The impact of these attacks extends beyond individual car owners, posing significant challenges for automakers in terms of reputational risks and costly recalls. Insurers are also affected, facing increased claims and raising premiums in response.

Stay tuned as we uncover how automakers are fighting back with solutions like Intrusion Detection Systems, enhanced encryption, and real-time fleet monitoring through Vehicle Security Operations Centers. Learn what’s being done to secure vehicles against this new wave of cyber threats and what the future holds for vehicle cyber security.

Chapters:

(00:00) Introduction to CAN Injection Attacks

(00:53) Auto theft has been around as long as automobiles themselves
(01:47) The latest twist is impressive
(02:33) What is a CAN and how is it compromised?
(03:48) “CAN injection” impersonates the smart key
(04:26) CAN injection is a huge problem
(05:10) So how can OEMs fight back?
(07:28) Additional layers of defense to consider
(08:38) Outro on CAN injection theft solutions

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

Keyless entry systems, once considered the pinnacle of vehicle convenience, are now a major target for hackers and car thieves. In today’s episode, we’ll explore the vulnerabilities in Remote and Passive Keyless Entry (RKE/PKE) systems, focusing on how replay, relay, and roll jam attacks exploit their weaknesses.

We break down these attack methods, illustrating how hackers bypass rolling codes, exploit weak cryptographic implementations, and outsmart proximity-based systems. We’ll also discuss practical solutions, such as implementing high-entropy cryptographic functions, RSSI localization, motion sensors, and ensuring automotive security compliance.

If you’re curious about OEMs' cyber security advancements and how technology like OTA updates can mitigate vulnerabilities, this episode is a must-listen for understanding the future of car cybersecurity.

Chapters:

(00:00) Introduction to Keyless Entry Systems Security
(01:29) Remote Keyless Entry (RKE) Systems
(01:52) The Replay Attack on the Key Fob
(03:00) The Next Wave of RKE Attacks: The Roll Jam Attack
(04:58) Passive Keyless Entry (PKE) Systems
(05:42) The Relay Attack on the Key Fob
(06:32) Best practices for mitigating relay attacks
(06:36) Mitigation #1: Set upper bound on response time
(07:02) Mitigation #2: Use RSSI to estimate key fob location
(08:12) Mitigation #3: Integrating motion sensor
(08:38) Known Challenge Relay Attack on the Key Fob
(10:18) Secure implementation is the name of the game
(11:52) Outro on Remote/Passive Keyless Entry Systems

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

Automotive cybersecurity is becoming increasingly important as electric vehicles face new vulnerabilities. In this episode, we explore a major flaw discovered in the EVerest open-source charging firmware, which could allow attackers to take control of charging stations and potentially compromise vehicles themselves. This vulnerability serves as a stark reminder of the importance of securing EV charging systems as part of the broader electric vehicle infrastructure.

As electric vehicles become more integrated with smart grids and other technologies, their cybersecurity risks grow. Vulnerabilities like this one could have serious implications not only for individual vehicles but also for entire charging networks and infrastructure. We discuss the technical details of the vulnerability, how it could be exploited, and what steps need to be taken to secure these systems.

This episode offers essential information for anyone in the EV manufacturing space, as well as those interested in the cutting-edge developments of automotive cyber defense. Don’t miss this important conversation on protecting electric vehicles and the charging systems that power them from the next generation of cyber threats.

Chapters:

(00:00) Introduction to Critical Vulnerability in EVerest Open-Source EV Charging

(02:03) EV Charging Vulnerability Description

(03:35) What makes this vulnerability unique?

(04:15) Sample public charging station attack scenarios

(05:05) Why EVs May Also Be at Risk from This Vulnerability

(06:20) Important Takeaway for EV Manufacturers

(07:25) Proactive Steps for EV Security

(08:02) Outro for the PlaxidityX Automotive Cybersecurity Podcast

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

Automotive networks face an alarming threat: Man-in-the-Middle (MITM) attacks exploiting the SOME/IP protocol. This episode explores how attackers intercept and manipulate communications between ECUs using in-vehicle Ethernet networks, enabling them to falsify data, disrupt services, and compromise safety.

We outline the attack setup, flow, and the devastating impacts on vehicle behavior, from denial of service to user information disclosure. Using real-world examples, we show how attackers exploit vulnerabilities in SOME/IP Service Discovery mechanisms to gain control.

Tune in to learn how proactive automotive cybersecurity measures are shaping the future of connected vehicles and protecting against the growing threat of SOME/IP protocol hijacks.

Chapters:

(00:00) Introduction to MitM Attacks on SOME/IP Protocol

(01:44) Background to SOME/IP and Service Discovery

(02:51) Reference Attack Setup

(03:24) MitM Attack Flow

(05:30) Attack Mitigation

(06:44) The Role of the SOME\IP in the E/E Architecture

(08:08) Outro of MitM Attacks on SOME/IP Protocol Episode

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com

In this episode, we explore how industry leaders PlaxidityX, CyberArk, Device Authority, and Microsoft have joined forces to pioneer the next generation of automotive and mobility security solutions. With new regulatory mandates like UNECE WP.29 and ISO 21434 on the horizon, the automotive industry requires a holistic approach to securing vehicles across their lifecycle.

This collaboration integrates technologies like GitHub Copilot and Azure OpenAI Security Copilot to provide end-to-end security. From comprehensive threat detection to lifecycle posture management, the solution addresses every aspect of automotive cybersecurity.

Tune in to discover how this partnership is driving innovation, ensuring compliance, and safeguarding data across connected cars, cloud environments, and beyond.

Chapters:

(00:00) Industry Leaders Unite to Pioneer Next-Generation Automotive and Mobility Security Solution

(01:55) Key Areas of Automotive Collaboration and Innovation

(03:41) Key Components of the Mobility Security Solution

(07:52) What’s Next in The Complexities of the Automotive Industry

(08:21) Outro on Innovative Vehicle Collaboration

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com