Explore automotive security vulnerabilities and hacking techniques in this Black Hat conference talk. Delve into the world of extracting and analyzing automotive firmware efficiently, focusing on an Instrument Cluster as the target. Learn about fault injection techniques, including tooling and glitching methods to bypass security checks and access memory. Discover the process of finding optimal parameters through randomization and understand the challenges of achieving a 100% success rate. Examine static analysis approaches, emulation of CPU architecture, and implementation of peripherals. Gain insights into execution tracing, taint tracking, and the importance of debug interfaces. Discuss electromagnetic fault injection, universal applicability of fault injection techniques, and strategies for hardening ECU hardware, software, and design. Acquire key takeaways on automotive security and the prevalence of glitches in embedded systems.
There Will Be Glitches - Extracting and Analyzing Automotive Firmware Efficiently
Overview
Syllabus
Intro
Today we target an Instrument Cluster
Let's get our target's firmware!
Quick analysis of our dashboard
Fault Injection - Tooling
What happens when we glitch?
Fault Injection breaks things!
Glitching the Security Access Check Results
Glitching ReadMemoryByAddress Results
Fault Injection demo setup
Finding the right parameters: Randomize
There is a relationship!
Why not a 100% success rate? :'
The Plan
Static analysis?
Tools?
What do we need?
Emulating the CPU architecture
"Implementing" peripherals
How difficult was it?
Why write an emulator?
Execution tracing
Taint tracking
Demo Time!!!
Wrap up!
Debug interfaces
Electromagnetic Fault Injection
Fault Injection is universal
Hardening ECU hardware
Hardening ECU software
Hardening ECU design
Key takeaways
There were glitches... hopefully!;
Taught by
Black Hat
