Hacking automotive diagnostics services: a new attack on UDS unlocks ECUs in a few hours. 🚗🩺🔨🔑✅
A group of automotive security researchers - Jianwen Ren, Jianchi Jiang, Su Shengfeng, Lin Zengda, and Chen Guannan - share their research on the Unified Diagnostic Services (UDS) 0x27 Security Access feature, the well-known “challenge-response” mechanism for diagnostics.
The authors review the authentication mechanism, how it works in UDS, and the most popular attacks so far (including brute force), and then propose their own attack - with quite impressive results:
🩺 Use case 1: 16-bit LFSR algorithm - broken in 4 hours
🩺 Use case 2: 5-bit shift algorithm - broken in 38 minutes
🩺 Use case 3: No success (suspected AES-128)
The code is not public [yet], but the test results are quite interesting, especially for automotive cybersecurity professionals. Check out the presentation and find your ECUs in the picture below.
Don’t forget to share, especially if you have automotive professionals in your network.
More details:
AlgoBuster: Systematic Algorithmic Brute-Force Attacks Against UDS Security Access in Automotive ECUs [PDF]: https://i.blackhat.com/Asia-26/Presentations/BHAS26_Jianchi_AlgoBuster.pdf
