Security Cracks at the Summit: Rethinking OTA Updates

Date: September 25, 2025 (GMT +8)

Time: 15:25

TRACK 1
OFFICIAL TALK

As connected cars continue to evolve, their attack surfaces are expanding rapidly. One of the most critical vectors is the In-Vehicle Infotainment (IVI) system, which connects the vehicle to external networks. While such connectivity enhances user experience, it also introduces serious security risks. But how well do we truly understand these systems—and are we evaluating them from an attacker's perspective?

In this presentation, we examine a real-world IVI system developed by Alpine. Focusing on key services that form the attack surface, we take a deep dive into how these components operate and where they break. In particular, we analyze the Over-the-Air (OTA) update mechanism and uncover vulnerabilities within its process. Through this case study, we aim to highlight often-overlooked risks in automotive software and provide insights into how IVI systems can be effectively targeted and better secured.

Speaker
Eungyo Seo
Eungyo Seo, also known as Wynt3r, is an offensive security researcher at NSHC Inc. She is a member of the Pwn2Own Automotive 2025 CIS team (COLLISION). She specializes in embedded systems, including IoT, OT, and automotive security.
