Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing

Presented at DEF CON 30 (2022), Aug. 13, 2022, 3:30 p.m. (20 minutes)

Car hacking is a tricky subject for hackers because it requires lots of money and hardware knowledge to research with a real car. An alternative is to research with an ECU, but it is also difficult to know how to set up the equipment. Moreover, in order to communicate with Automotive Ethernet services running on the ECU, you need additional devices such as media converters and Ethernet adapters supporting Virtual LAN (VLAN). Even if you succeed in building the hardware environment, you can't communicate with the ECU over the SOME/IP protocol of Automotive Ethernet if you don't know the network configuration, such as the VLAN ID, service IDs and the IP/port mapped to each service. This talk describes how to fuzz SOME/IP services step by step. First, we demonstrate how to buy an ECU and how to power and wire it. Second, we explain the network configuration needed for communication between the ECU and a PC. Third, we describe how to find the information required to perform SOME/IP fuzzing and how to implement a SOME/IP fuzzer. We conducted the fuzzing with BMW ECUs purchased through official BMW sales channels, not used products. We hope this talk will encourage more people to try car hacking and spare them the trial and error that we experienced.

Presenters:

  • Woongjo Choi - Blueteam Leader, Autocrypt
    Woongjo Choi is the blue team leader and a vehicle security test engineer at Autocrypt. He also designed an automotive security test solution and conducted the fuzzing test. He is experienced in various fields: vehicle security, mobile phones, application processors, ultrasound systems, etc.
  • Jonghyuk Song - Redteam Leader, Autocrypt
    Jonghyuk Song is lead for Autocrypt’s Red Team. His current tasks are security testing for automotive including fuzzing, penetration testing, and vulnerability scanning. He researches security issues in not only in-vehicle systems, but also V2G and V2X systems. Jonghyuk received his Ph.D. in Computer Science and Engineering at POSTECH, South Korea in 2015. He has worked in Samsung Research as an offensive security researcher, where his work included finding security issues in smartphones, smart home appliances and network routers.
  • Soohwan Oh - Blueteam Engineer, Autocrypt
    Soohwan Oh is an automotive engineer and security tester on Autocrypt's blue team. He mainly works on fuzz testing and issue analysis for in-vehicle networks such as CAN/CAN-FD, UDSonCAN and Automotive Ethernet. He has also designed the requirements for automotive security test solutions.
