Long post, quick wrap-up. A lot of things have been happening and I feel sorry for not being able to post more often, but I am happy to now find the time to give a status update about Zero Day's achievements in the second half of 2022 and the beginning of 2023.
After the first successful 9 months as an independent GmbH, it is time for a status report.
We ended the year 2022 in a great way. As we have been growing into a trusted partner for our customers, we are happy to work on further very interesting and challenging projects in cutting-edge infotainment technology. Besides general Security Consultancy and Engineering in the embedded Linux field, we are providing and deepening our expertise in automated code signing.
Furthermore we are providing solutions for Field Return Part Analysis of locked ECUs.
Thinking about Electronic Control Units in customer hands (though this can be adapted to almost any embedded device in customer hands), an OEM has the duty to remove any debugging capabilities from the device, as debugging capabilities represent threats to the system which could be maliciously abused by attackers in order to harm the customer. Nowadays this layer of security is even enforced for any automotive system operated within the European Union by the UNECE WP.29 regulations.
This layer of security does not only lock a device for attackers, but also for the OEM itself, who may have the need to debug broken devices and software.
Any automotive OEM and supplier producing an automotive system is therefore challenged to solve this problem.
Designing a solution which enables OEMs to analyze broken devices, while still maintaining the security of the device, requires sensibility in many forms. It is not only about implementing a secure architecture on the target, which even in case of a security incident does not bring any advantage to the attacker in terms of exploitation, but furthermore it is about designing an infrastructure that allows continuously tracking and monitoring the state of locked and unlocked devices while identifying engineers unlocking a unit. We are happy to drive this kind of implementation and provide further consultancy regarding those topics in the future, as well as further acquiring interesting projects in the field of Security Engineering, Security Related Software Development and more.
In order to fulfill the high demand from the customer side, we have grown to a team of 4 software engineers and 3 security engineers, excluding me, as I am mainly involved in administrative and PO tasks nowadays. Our team got further support from a colleague supporting us in terms of accounting. For sure, one of our tasks within the last months was also to build up infrastructure in order to collaborate efficiently as a team.