November 15, 2021
SCHUTZWERK participated at escar Europe 2021 with two talks
escar Europe 2021
The escar is the world’s leading automotive cyber security conference. International speakers from industry, academia and government give recent insights and encourage discussions on several automotive cyber security topics. The program of the escar typically ranges from talks about modern in-vehicle cyber security threats and vulnerabilities to talks about risk mitigation and countermeasures. This year’s escar Europe took place as a hybrid conference in Frankfurt with around 100 online participants and around 100 on-site participants. SCHUTZWERK participated at the escar Europe with two talks:
Challenges in Automotive Penetration Testing
In his talk, Dr. Bastian Könings discussed typical challenges in automotive penetration testing. From his experience with several penetration tests for OEMs and suppliers during the last years, he highlighted common pitfalls, shortcomings and other challenging situations in the planning and execution phases of automotive penetration tests, both from the customer’s and pentester’s perspective. Where possible, he discussed potential solutions or directions for overcoming these challenges in future penetration tests of ECUs and vehicles.
PROBoter - Automating PCB Analysis Tasks to Support Penetration Tests of Embedded Systems
Fabian Weber presented the PROBoter , which is a hardware platform to support penetration tests of embedded systems by automating time-consuming analysis tasks.
Analyzing the security of hardware components is an essential part of penetration tests in the context of embedded systems . Especially in the domain of automotive security and upcoming autonomous vehicles, vulnerabilities of electronic control units (ECUs) may have severe implications and therefore should be identified early in the development process (as also required by new regulations). Typically, the security analysis requires manual probing of pins or other contact pads on the printed circuit boards (PCBs) followed by the attempt to identify signals and respective bus protocols.
To increase the efficiency of this hardware analysis and further reduce error-proneness of manual probing steps, we introduce the PROBoter (PROBing roboter) as a novel open-source and self-calibrating architecture for automated PCB analysis as part of a penetration test. The PROBoter consists of four independently moving probes assisted by a camera for the detection of pins and contact pads, and an oscilloscope for signal measurement. Several algorithms allow the automatic probing of voltages at detected pins and contact pads, and subsequently try to identify existing bus protocols.
We evaluated the feasibility of our approach using different PCBs and a self-designed test board for signal generation. Our evaluation shows that the PROBoter can detect and probe respective parts of a PCB with high accuracy and can successfully identify selected bus protocols. Our novel approach provides a significant contribution to the field of PCB analysis by automating manual work and thus increasing the efficiency of penetration tests of embedded systems such as automotive ECUs.
All details of the PROBoter contributions can be found in our paper at https:/ / doi.org/ 10.13154/ 294-8348 .
The PROBoter hardware design as well as source code of the automation processes will be published on our Github page .
We are currently working on a demonstration video which will be published in beginning of 2022 as part of the SecForCARs project results . Furthermore, a blog post series will provide further insights.