In this paper we discuss hardware attacks, such as fault injection, that can be used to efficiently extract automotive firmware from secured ECUs. These attacks do not rely on an exploitable software vulnerability. Access to the plain-text firmware allows an attacker to understand the ECU’s functionality, extract the ECU’s secrets and identify exploitable software vulnerabilities. We describe multiple techniques for analyzing binary firmware efficiently. We use an instrument cluster from a modern car to demonstrate the practicality of the described techniques on a real ECU.
Five things you should know to avoid the most common security errors
For more than 20 years Riscure has been helping chip and device vendors improve the security of their products. We have observed the ever-changing security landscape, adjusted to the evolving attacker profile, and witnessed and reacted to the appearance of well-organized adversaries.