Riscure is joining ESCAR conference, the major automotive cybersecurity event on June 21-22 2017 in Detroit, MI, USA. At ESCAR we will present our latest research on security aspects of ASIL-D certified microcontrollers.

Attending ESCAR? We are presenting the research at 3.30pm June 22. Check the full agenda at ESCAR's website here.

In the research we have applied Fault Injection methods to evaluate three Microcontroller units (MCUs) currently used by the automotive industry. Two of these MCUs are certified according to ASIL-D standard (part of ISO 26262) with the goal to enhance resilience against hardware faults (such as power supply fluctuations, high temperatures, electromagnetic pulses) when operating in a hostile environment. The ASIL-D standard pursues the primary goal to enhance safety, and it would be logical to assume that the same improvements also affect security, when faults are deliberately introduced to circumvent protection methods. Our security experts Ramiro Pareja Veredas and Nils Wiersma decided to take a closer look at ASIL-D certified MCUs from a security perspective.

Security assessment of these systems showed that following ASIL-D specifications reduces the success rate of Fault Injection attacks, but does not fully prevent them. In fact, we have successfully applied a voltage glitching method to unlock a protected JTAG interface and extract proprietary firmware from an ASIL-D target. Detailed findings of this research will be shared during the ESCAR conference.