A 5th-year SNS (Systems, Networks and Security) major and assistant at EPITA's systems and security laboratory (LSE), Stanislas Lejay (EPITA class of 2018) has long shown interest in computer security linked to the automobile industry. This led him to join forces with the Quarkslab firm and co-organize this year's CodeBlue contest, which was held in Japan at the beginning of November 2017. An interview with this future engineer, in pole position to explain automobile hacking.
Stanislas (left), with a passion for computer security and cars
Can you tell us about Quarkslab?
Stanislas Lejay: It is a cybersecurity company in Paris that I started working with while studying at EPITA. I first contacted them for one of my projects, while analyzing internal bus data in cars. One thing led to another, and the teams eventually proposed that I work with them in my free time to develop new projects and acquire new skills. And I've been working as an intern in the company since September 2017.
Why are you so interested in the computer and automobile sectors?
I've always loved to "play" with cars and am very interested in mechanics. And, as I also love computers, I decided to combine my two passions.
What was your role at CodeBlue?
CodeBlue is a cybersecurity event dedicated to hacking, which boasts a large conference, contests and different presentations. I was in charge of co-organizing a contest focused on automobile hacking, together with Quarkslab. The event was held in Tokyo from November 6 through 9, in the Shinjuku district. I went there to organize the contest and oversee the twenty-some participating teams, each composed of three to four individuals. Although the majority were Japanese, the teams that stood out also boasted members of different nationalities. And as this was my first trip to Japan, I decided to stay another ten days to visit.
Can you tell us about the contest?
We gave participants a simplified version of an automobile system, similar to those found in more or less recent cars, then asked them to attack the system by exploiting its vulnerabilities in order to take control of the bus and hence the car itself.
Were the participants good?
Yes, they were quite good. The majority of the participants already had some experience in automobile systems. In addition, several teams brought their own equipment to the competition. They rapidly understood how the custom protocol, which we added to the system, worked: they knew what they had to do and how to do it. The best team was able to complete nine out of the twelve challenges proposed. This shows a certain ease in automobile hacking.
What made the biggest impact on you at CodeBlue?
The special atmosphere as well as the warm welcome and friendliness of the Japanese. All of the participants were polite and calm, which definitely made the contest run much more smoothly. Organizing an event in these conditions was really nice. This fabulous memory will remain etched in my mind for years to come.
Did you have any problems communicating with the participants?
No, the language barrier was not at all a problem. It's true though that the Japanese do not speak English very well. However, thanks to their knowledge of computers, the participants were much more at ease with the language. We tried to learn a bit of Japanese before the event so that we could communicate as much as possible, if necessary.
Did this experience make you want to work in Japan one day?
In fact, I will be doing a six-month internship there in February, in a structure created through the collaboration between Quarkslab and a Japanese company. We'll see how it goes when I am there. I may end up wanting to stay. Who knows?
What profession would you like to pursue after EPITA?
Of course, I think about this question a lot. Although I do know that I would like to work in the automobile industry, I'm still unsure of what exactly I'd like to do. I think the internship will help me see things a bit more clearly. Nonetheless, I know that I'll have no problem at all figuring out what I want to do after I graduate from EPITA.
As a student who is very interested in computer security, do you think that this subject will become increasingly important in the automobile industry given the rate at which vehicles are evolving?
Yes, and this is the main message that we wanted to get across at CodeBlue: with the arrival of autonomous and connected cars, automobile hacking is already a key issue. There have been some recent attacks that were quite spectacular, like when hackers, who were at home, took control of cars on the highway. This is why it is essential to raise public awareness about this subject: automobile computer security will become increasingly critical over the next few years.
Do automobile systems already undergo testing before they are marketed?
Although some companies test the systems, others have still not understood how important computer security is. Nonetheless, the most serious and forward-looking automobile manufacturers call on specialized firms to analyze their system