The control features of vehicles have traditionally been focused solely on ensuring the safe operation of various integrated mechanical systems. Protocols standardized for vehicles typically concentrate on safety-related issues, and it has been widely assumed that the data provided by these protocols, such as the SAE J1979, is strictly related to safety and environmental reasons without impacting security aspects. However, this study reveals a contrasting scenario. Our interest lies particularly in the Engine Control Module (ECM), which has not received much attention until now, partly due to its intricate nature and the intersection of multiple disciplines. We use the EDC16 ECM model, commonly found in diesel engines, as a case study to demonstrate how automated scripts can identify and manipulate critical safety parameters within the extracted ECM firmware. These manipulations can lead to severe attacks, even at high speeds. Our research confirms the widespread applicability of our approach by testing it on various ECM models, including those used in hundreds of gasoline vehicle models from manufacturers like AUDI, BMW, and CHRYSLER. Our work suggests that the once clear-cut distinction between safety and security becomes increasingly blurred, necessitating a more holistic approach to vehicle design that addresses both safety mechanisms and potential security vulnerabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

AutoS \(^2\) ploit: From Automotive Safety-Critical Functionalities to Security Exploit

  • Nan Zhuang,
  • Haonan Miao,
  • Xiangxue Li

摘要

The control features of vehicles have traditionally been focused solely on ensuring the safe operation of various integrated mechanical systems. Protocols standardized for vehicles typically concentrate on safety-related issues, and it has been widely assumed that the data provided by these protocols, such as the SAE J1979, is strictly related to safety and environmental reasons without impacting security aspects. However, this study reveals a contrasting scenario. Our interest lies particularly in the Engine Control Module (ECM), which has not received much attention until now, partly due to its intricate nature and the intersection of multiple disciplines. We use the EDC16 ECM model, commonly found in diesel engines, as a case study to demonstrate how automated scripts can identify and manipulate critical safety parameters within the extracted ECM firmware. These manipulations can lead to severe attacks, even at high speeds. Our research confirms the widespread applicability of our approach by testing it on various ECM models, including those used in hundreds of gasoline vehicle models from manufacturers like AUDI, BMW, and CHRYSLER. Our work suggests that the once clear-cut distinction between safety and security becomes increasingly blurred, necessitating a more holistic approach to vehicle design that addresses both safety mechanisms and potential security vulnerabilities.