Fuzzy fault injection attacks against secure automotive bootloaders

Secure embedded bootloaders are the trust anchors for modern vehicles’ software. The secure software update process of ECUs is well-defined across the entire automotive industry. Every OEM has its own implementation, but follows the general software update process. This paper demonstrates code execution attacks by combining software and hardware weaknesses in secure automotive bootloaders. The attack can be performed in an entirely automated way; no static code analysis is required. Random fault injection parameters were sufficient to obtain code execution in a reasonable time. All experiments were conducted with electromagnetic fault injection and without any hardware modifications of the targets. We successfully performed our attack on two entirely different gateway Electronic Control Units (ECUs) used in current vehicles (at the time of this research) from Volkswagen and BMW. As a result of this attack, consisting of a combination of a hardware and a software attack, the general secure software update process used in the automotive industry needs to be revised.

Metadata
Author: Enrico Pozzobon, Nils Weiß, Jürgen Mottok, Vaclav Matousek
URN: urn:nbn:de:hbz:294-103817
DOI: https://doi.org/10.13154/294-10381
Parent Title (English): 21th escar Europe : The World's Leading Automotive Cyber Security Conference (Hamburg, 15. - 16.11.2023)
Document Type: Part of a Book
Language: English
Date of Publication (online): 2023/10/25
Date of first Publication: 2023/10/25
Publishing Institution: Ruhr-Universität Bochum, Universitätsbibliothek
Pagenumber: 20
Dewey Decimal Classification: Generalities, computer science, information science / Computer science
open_access (DINI-Set): open_access
Conference proceedings / edited volumes: 21th escar Europe : The World's Leading Automotive Cyber Security Conference
Licence (German): No Creative Commons licence - the granted rights of use and German copyright law apply