To use our site, you agree to the use of cookies and data processing according to our privacy statement.
Close
Search

Attacking AUTOSAR using Software and Hardware Attacks

Your latest car is a computer. Whereas in the past only simple control logic had been deployed in a car, today demanding computers handle tasks like powertrain control and signal processing for autonomous driving.A modern car depends on tens of different computers, typically referred to as Electronic Control Units (ECUs), ranging from sensors to high-performance computing platforms. The automotive industry quickly realized that some form of standardization is needed as multiple suppliers and manufacturers are working together to produce a single modern car.

Download whitepaper

AUTOSAR

The AUTomotive Open System ARchitecture (AUTOSAR) is a worldwide partnership initiative aiming to develop and establish an open industry standard for automotive E/E software architectures. The automotive industry is rapidly adopting this standard, and therefore it is important to understand the attack surface of AUTOSAR-based electronic control units (ECU).

The threat model for AUTOSAR-based ECUs should include local and remote attackers, attackers with significantly different budgets, different skills, and completely different motives. The AUTOSAR standard and the standards on which it builds (e.g., MISRA C) focus mostly on robust software, which is fundamental for security and safety. Nonetheless, it is not unlikely that ECUs will be attacked using hardware attacks.

AUTOSAR software and hardware attacks

In this paper, we describe several scenarios of how software and hardware attacks can compromise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU capable of exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltage fault injection attack on the AUTOSAR communication stack. Several automotive threats may materialize if an attacker can execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU’s functionality if its code is not authenticated using secure boot.

Register below to read the full whitepaper!

This paper is authored by Niek Timmers, Riscure, and Pascal Nasahl from Graz University of Technology, Austria. In 2021 it was updated by Riscure Team.