Protecting Connected Vehicles App Ecosystem

Ted Guild

Copyright © 2017 W3C ® (MIT, ERCIM, Keio, Beihang)

Protecting Auto App Ecosystem


Genivi AMM, Birmingham, UK

May 10, 2017

Attack Surface Size

Vehicle's internet connection is the biggest attack surface

Genivi Security Expert Group

Sound Practices

High Level


We are building a framework for 3rd party apps (FB, Waze, Pandora)

See yesterday's Genivi / W3C Liaison presentation

Other day job - Head of IT


Remember when you could account for every network connection?

Connected vehicles should be able to account for every connection

Development and Testing

Lock it down

Possible package requirements for 3rd party apps. Suggestions partially address the OWASP Top Ten

SSL hardening

Using SSL alone is not enough

Web Application Firewall (WAF)

Another idea



Open Browsing

Hearing some are considering allowing full open browsing


Purpose of this presentation was to start the conversation

Thank You