Almost everyone can be part of a community but it takes a special kind of person to lead one, to support it with their involvement and energy.
Our guest in today’s interview is exactly that kind of person.
Jun Li is a senior security researcher with the UnicornTeam in the Radio Security Research Department of 360 Security Technology in China.
His specialties include hardware security, connected car security, wireless security, and, we’d add, community building! That’s because Jun Li started the first DEFCON GROUP in China – called DC010! He’s also a member of DEFCON’s Global Advisory Board while routinely presenting his research at events such as Blackhat, HITB, CanSecWest, Syscan360, and, you guessed it!, DEFCON.
We’re super pumped to have Jun Li join us at DefCamp to share real-world examples of vulnerable devices he and his team have been hacking over the last few years. From hardware to the cloud, you’re going to see them all!
What it takes to get involved in the infosec process
Until we get to see Jun Li live, we asked him to give us a peek behind the scenes so we can all learn how to become better contributors to the infosec process. He immediately pointed out two essential habits worth cultivating:
The most important habits are:
-
To be curious. When I do research, my ultimate goal is to always figure out how a certain target worked, then try to find an attack vector.
-
Reaching out. Do not hesitate to ask or talk with fellow researchers around the world. One can learn a lot from other researchers.
Based on these two habits, Jun Li made his way through the infosec community, eventually becoming one of its leaders, especially in China.
I got involved in this global hacker community because I want to do some good for the community, to provide a platform for hackers to exchange ideas and to learn from each other. This gives me a sense of achievement.
The unexpected result would be meeting way more people than I expected. There are so many people willing to share their knowledge and to offer to help organize the events that I believe we can boost the world’s security capabilities through this hacker community.
Be part of a stronger and united infosec community
To make the infosec community even stronger and more united, Jun Li believes we need the following things:
I think we need to exchange information more often, to communicate more, to educate more.
We need more events like DefCamp or Defcon Group 010.
We also need to go outside our own hacker community to let others know security works so they can support us in many ways.
The industry is certainly packed with stimulating opportunities!
For example, here’s what Jun Li and his team are working on now:
The most exciting project we worked on was hacking the Tesla.
We learned how much effort a vendor is willing to make to secure their products. Elon Musk himself met with us in person to encourage us to find more bugs for them.
The importance of securing connected cars
With mobility holding a prime spot on the list of issues the world must solve ASAP, Jun Li cannot overemphasize the need for securing connected cars.
The reason to secure connected cars cannot be more obvious. People can get hurt or killed if a connected car gets hacked.
The biggest gaps are the need for security awareness among the R&D people working for car manufacturers and the need for security practitioners to understand how connected cars work.
The two communities or even industries used to be separated but now they need to cooperate with each other to make the cars more secure.
AI and cybersecurity for the Chinese infosec community
It’s certainly a unique opportunity to see Jun Li speak live and hear his perspective on all these key issues and more. Speaking of which, we couldn’t help but ask what the Chinese infosec community is discussing around AI and cybersecurity.
For AI, there are two often discussed topics in the infosec community here in China.
- The application of AI to the security system,
- The security of AI systems themselves.
For the first topic, I think I don’t need to go into detail because many companies are advertising their AI-powered products like IDS, IPS, Sample Analysis Engine, UEBA, etc.
For the second topic, people are trying to secure AI systems themselves. For example, adversary machine learning and model extraction can be classified as the security of an AI system. The security of the software and hardware frameworks used to build the AI system are also worked on. There are people concerned about the wide use of AI in mass media and news outlets that would only reflect the values of the people who built those systems.
Jun Li speaks fondly of the infosec community, echoing our own love and gratitude for the great people in this industry and beyond. At DefCamp, he wishes for this:
I hope to get to know the hacker community in Romania, to make more friends.
It matters to me because the hacker community is quite unique as hackers around the world are somewhat connected like family members, so meeting with the family members is important.
We told you DefCamp is like hacker Xmas!
Join us for two days of celebration, learning, and connectedness to the heart of cybersecurity!
This year, we’re taking DefCamp to the next level with the help of our main, long-time partner, Orange. With support from IXIA – a Keysight Business, Secureworks, UiPath, Bit Sentinel, Thales, and other selected tech companies that value the power of community, we’re building valuable, hands-on learning experiences for 2000+ attendees from all over the world!