![]() |
![]() |
University of Birmingham > Talks@bham > Computer Security Seminars > Beneath the Bonnet: a Breakdown of Diagnostic Security
Beneath the Bonnet: a Breakdown of Diagnostic SecurityAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Andreea Radu. An Electronic Control Unit (ECU) is an automotive computer essential to the operation of a modern car. Diagnostic protocols running on these ECUs are often too powerful, giving an adversary full access to the ECU if they can bypass the diagnostic authentication mechanism. Firstly, we present three ciphers used in the diagnostic access control, which we reverse engineered from the ECU firmware of four major automotive manufacturers. Next, we identify practical security vulnerabilities in all three ciphers, which use proprietary cryptographic primitives and a small internal state. Subsequently, we propose a generic method to remotely execute code on an ECU over CAN exclusively through diagnostic functions, which we have tested on units of three major automotive manufacturers. Once authenticated, an adversary with access to the CAN network can download binary code to the RAM of the microcontroller and execute it, giving them full access to the ECU and its peripherals, including the ability to read/write firmware at will. Finally, we conclude with recommendations to improve the diagnostic security of ECUs. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCold atoms Analysis Seminar 2023/24 Theoretical Physics Journal Club and Group MeetingOther talksKneser Graphs are Hamiltonian Quantifying the economic and environmental effects of the RCEP Harness light-matter interaction in low-dimensional materials and nanostructures: from advanced light manipulation to smart photonic devices TBA TBA Plasmonic and photothermal properties of TiN nanomaterials |