Hacking vehicle ECUs by brute-forcing diagnostic keys: a practical security assessment of UDS and OBD.
Security researchers Piotr Pelechaty and Lukasz Konieczny present in their paper a practical analysis of security issues in vehicle diagnostic systems, particularly in OBD (On-Board Diagnostics) and UDS (Unified Diagnostic Services).
Modern vehicles allow access to internal systems through a standard OBD port. The study found that many ECUs still have serious software vulnerabilities, such as susceptibility to brute-force attacks on diagnostic session authentication or a complete lack of authentication.
In one tested vehicle, sending just one specially crafted 3-byte message through the OBD port was enough to disable 10 ECUs and prevent the engine from starting - without knowing any passwords or cryptographic keys.
If you're looking to learn how brute-force attacks on ECUs work, this paper may be a good read. Please share it with others who may be interested as well.
More details:
Analysis of security vulnerabilities in vehicle on-board diagnostic systems [PDF]: https://pdfs.semanticscholar.org/2a87/110372a6b3d774798eefc3685fbb9e36c560.pdf


