Fault injection on automotive diagnostic protocols
In this work we present fault injection as a technique to bypass the security of automotive diagnosis (UDS) protocol implementations that do not contain any logical vulnerabilities. Two different ECUs, both from car models currently available for sale, were tested against fault injection attacks. Our tests proved that it is possible for an attacker to inject faults and bypass the UDS authentication, obtaining access to the internal Flash and SRAM memories of the targets. By analyzing the dumped firmware, the keys and algorithm that protect the UDS have also been extracted, giving full access to the diagnosis services without requiring the use of fault injection techniques.
This publication is available in the form of slides, originally presented by Riscure's Niek Timmers at the 2018 ESCAR USA conference. The original research paper, written by Ramiro Pareja and Santiago Cordoba, is available after registration.