BSidesLuxembourg 2026

From CAN Frames to Corporate Firewalls: Life of an Automotive Security Researcher
2026-05-07, Workshops and Stage - Gernsback (C1.05.02)

Modern vehicles are no longer just mechanical machines—they are complex distributed systems with hundreds of electronic control units, multiple networks, and cloud-connected devices. In this talk, I will share the daily challenges of working as an automotive cybersecurity researcher and how real-world constraints shape security research in the automotive industry.

I will begin with a brief introduction to my role as a security researcher. My work involves analyzing vehicle hardware, telematics systems, IoT modules, and embedded firmware to identify vulnerabilities before attackers do. Unlike traditional IT security, automotive security requires deep knowledge of hardware, embedded systems, radio protocols, and real-time system constraints.

A key part of this talk will focus on automotive communication networks and interfaces. I will explain how in-vehicle networks operate, why security is challenging to implement, and how attackers can exploit weaknesses through message manipulation, spoofing, and denial-of-service techniques. I will also cover interfaces such as UART, JTAG, Bluetooth, cellular modules, and diagnostic ports, highlighting how each interface expands the attack surface.


One major challenge in automotive security is that hardware changes are often restricted due to cost, certification, and production constraints. As a result, many security mitigations must be implemented at the firmware or software level.

Real-world case studies will be shared to demonstrate how fraud and attacks occur in connected vehicle ecosystems, including device spoofing, firmware tampering, GPS manipulation, and backend abuse. In manufacturing environments, even short security incidents can halt production lines and cause significant financial impact, which highlights why automotive cybersecurity is critical infrastructure protection.

I will also reflect on the difference between being a hardware hacker and working in corporate security environments where responsible disclosure, risk management, and compliance are essential alongside technical skills.


Hrishikesh Somchatwar (@StorytelnHacker) is an independent security researcher, bestselling author, and international speaker known for his deep expertise in hardware and automotive cybersecurity. With a passion for uncovering vulnerabilities in embedded systems, he has presented his research at top security conferences worldwide, including SCSA Georgia, Defcamp Romania, SecurityFest Sweden, DeepSec Austria, BSides Delhi & Ahmedabad, Hackfest Canada, and c0c0n Kochi.

Beyond cybersecurity, Hrishikesh runs The StorytellingHacker Podcasts, where he shares insights on hacking, security, and storytelling. His thought leadership extends to his engaging Twitter presence, where he discusses cutting-edge security topics.

In his free time, he explores Vedic Astrology (Jyotisa), blending ancient wisdom with modern problem-solving. Whether on stage, in a podcast, or through his writing, Hrishikesh brings a unique perspective—merging technical depth with the art of storytelling.