Under the Hood Tracking API Exploits Before They Hit the Road

Описание: APIs are the backbone of today’s connected vehicle ecosystem—powering everything from remote commands, over-the-air updates, to EV charging—but they’re also becoming prime targets for attackers. While cybersecurity teams focus on perimeter defenses and known vulnerabilities, API abuse often flies under the radar, leaving vehicles exposed to threats hiding in plain sight. This session takes a practical look at how automotive APIs are being exploited in the wild and why current security practices aren’t enough. We’ll break down real-world examples, including the VIN Spray technique—where attackers used API manipulation and social engineering to pair unauthorized users with vehicles—and recent research showing how attackers can activate vehicle functions through dealership APIs using nothing more than a license plate. The core challenge? A lack of correlation between API traffic and connected vehicle data like telematics, ADAS events, or sensor anomalies. Without this context, it’s nearly impossible to distinguish normal API usage from malicious intent. We’ll walk through practical strategies and frameworks for bridging this gap, including: Detecting anomalous API behavior with contextual triggers from in-vehicle data Building rules and models that account for cross-layer API abuse Implementing real-time detection pipelines to flag suspicious vehicle-command activity


About the Speakers:

Elad leads Upstream’s cyber threat intelligence solution, AutoThreat®, the first mobility purpose-built CTI service and platform. AutoThreat® collects, analyzes, and leverages mobility threat intel from multiple public, deep and dark web sources enabling stakeholders to gain domain-specific context of cyber threats impacting their assets and supply chain. Prior to joining Upstream, Elad established and led several CTI teams in the critical infrastructure, IT and corporate due-diligence sectors. Elad served in the Israeli Defense Force’s elite technological unit 8200 and holds an L.L.B in commercial law and is a certified attorney, member of the Israeli bar association. In his spare time he really never misses his weekly basketball training.


Ruslan is a Senior Cyber Security Solution Engineer at Upstream Security, helping global mobility and connected services providers secure their APIs, telematics, and digital infrastructure. Leveraging expertise in API security, SIEM, and incident response, he works with customers to design proactive detection, threat hunting, and vulnerability discovery strategies tailored to automotive and IoT environments.
Prior to his current role, Ruslan was a Senior Cyber Security Analyst at Upstream, developing detection logic and threat models for connected vehicle ecosystems.