Security Cracks at the Summit: Rethinking OTA Updates

EunGyo Seo, HEA EUN MOON & Hyunseok Yun | Day 2, 10:05am - 10:50am

Abstract

The recent developments in autonomous driving and connected car technologies have propelled the rapid advancement of smart cars and In-Vehicle Infotainment (IVI) systems. However, alongside this progress, there is a growing threat to cybersecurity.

This presentation examines various IVI attack surfaces, including firmware extraction, Bluetooth communication, and software updates. In particular, it focuses on the security vulnerabilities within the Over-the-Air (OTA) mechanism in IVI systems.

The primary goal of this presentation is to enhance awareness of security challenges within the IVI ecosystem and to provide relevant insights.

The Speaker(s)

EunGyo Seo

EunGyo Seo

EunGyo Seo is a security researcher specializing in IoT vulnerability analysis. Since joining NSHC in December 2022, she has been actively engaged in discovering and analyzing security flaws in embedded systems and connected devices. Her expertise includes exploit development, reverse engineering, and bypassing modern security mechanisms. She is a member of the Pwn2Own Automotive 2025 CIS Team (COLLISION), where she contributed to successful vulnerability exploitation, leading to a winning performance. With a strong focus on offensive security, she continues to push the boundaries of IoT security research, uncovering critical vulnerabilities in real-world systems. Her research interests include binary exploitation, firmware security, and advanced attack techniques against IoT devices. She is passionate about sharing knowledge within the security community through research, conference presentations, and collaborations.

HEA EUN MOON

HEA EUN MOON

I am the director of Red Alert Labs at NSHC, with a total of 24 years of experience in IT security. My primary work involves discovering zero-day vulnerabilities in various types of software, including browsers, kernels, IoT, and ICS/SCADA systems. I have organized CTF competitions at major hacking and security conferences such as Black Hat, DEF CON, MOTIE, and HITB. I also enjoy participating in CTFs myself and take part in computer hacking contests such as Pwn2Own and SPIRITCYBER.

Hyunseok Yun

Hyunseok Yun

I have a broad interest in security vulnerabilities in embedded systems, including IoT/OT and automotive security.