Bam the BAM - Electromagnetic Fault Injection & Automotive Systems

Presented at Black Hat USA 2021, Aug. 5, 2021, 2:30 p.m. (30 minutes)

<div><span>This talk introduces an example of how electromagnetic fault injection (EMFI) can be used to bypass security used to prevent ECU modifications on a recent (tested on a 2019 model year) automotive ECU. This attack requires extensive physical access to the ECU, but does not require modifications to the ECU. It's sufficient to simply open the ECU to expose the main microcontroller, which allows the fault injection attack to succeed.</span></div><div><span><br></span></div><div><span>This talk further shows how you can perform such validation yourself on other devices - using tools such as power analysis to determine if there are potentially vulnerable locations, and using fault injection to try and validate the vulnerabilities. This also allows you to experiment with ways of improving the resilience of a given device in case you are already using it somewhere critical - here an example will be given of several configurations which are more resilient to EMFI attacks.</span></div>

Presenters:

• Colin O'Flynn - CEO, NewAE Technology Inc.   as Colin OFlynn
  Colin OFlynn started the open-source ChipWhisperer project, and continues to be active in research around side channel power analysis and fault injection. He lives in Nova Scotia, Canada.

Links:

• https://www.blackhat.com/us-21/briefings/schedule/#bam-the-bam---electromagnetic-fault-injection--automotive-systems-23221

Similar Presentations:

• Black Hat Asia 2021 Virtual / "We Are About to Land": How CloudDragon Turns a Nightmare Into Reality
• Black Hat Asia 2021 Virtual / Wideshears: Investigating and Breaking Widevine on QTEE
• Black Hat USA 2021 / Chip Chop - Smashing the Mobile Phone Secure Chip for Fun and Digital Forensics