Fault Injection on Automotive Diagnostic Protocols

White paper

From the beginning of the vehicle electronics era, car manufacturers have been trying to simplify troubleshooting of problems in their vehicles. Nowadays, it is uncommon to find a car that does not implement the OBD2 (On-Board Diagnosis 2) and UDS (Unified Diagnostic Services) standards for diagnosis of the vehicle and of the individual Electronic Controller Units (ECUs), respectively.

Due to the amount of information available through them, these diagnosis interfaces have been targeted by hackers and hobbyists from the very beginning. For years, attackers exploited trivial vulnerabilities in these diagnosis protocols to bypass their authentication, but state-of-the-art implementations make it impossible to bypass the security logically.

Our work presents fault injection as a technique to bypass the security of diagnosis protocol implementations that do not contain any logical vulnerabilities and are protected against traditional logical attacks. This paper also illustrates the risk of implementing a vulnerable diagnosis protocol, since it could serve as an entry point for a scalable attack, and proposes some recommendations to mitigate the risk. Although this work is focused on the UDS protocol, a similar approach could be taken to bypass the security of other diagnosis protocols like KWP2000.