Penetration Testing of Vehicle ECUs

Abstract

The automobile industry has grown rapidly in the last few decades. The industry is moving towards electronics and software for better efficiency and results. These electronic components consist of hardware and software to control important operations like braking, engine control etc. The future automobiles will be highly sophisticated and extremely integrated with other devices like smart phones and tablets and update protocols like Firmware Update Over the Air (FOTA). It is also possible to have car to car and car to infrastructure communication which will open up for lots of security attacks on the Electronic Control Units (ECUs). Given the future developments and increasing percentage of electronics in automobiles, it is vital to perform penetration testing of ECUs. A Fault or a failure in one ECU can affect the operations of the automobile and hence endangering the passengers. This occurs due to the properties of In-vehicle networks which are discussed here. In order to find vulnerabilities and access security of an in-vehicular system, it is necessary to perform penetration testing on ECUs. This thesis focuses on how to perform penetration testing of ECUs by discussing the working of ECUs, its security mechanisms and discovering the vulnerabilities that exist in the ECU. Performing penetration test is essential for designing and building of new ECUs with better performance. The discovered attacks on ECUs are studied and appropriate countermeasures are suggested to patch the vulnerabilities.