
Fuzzing the MCU of Connected Vehicles for Security and Safety

Date

August 25, 2022

Time

11:00

Track

CommSec Track

With the development of smart connected vehicles in recent years, attacks against them have become more frequent. Although the EEA (electrical and electronic architecture) of connected vehicles has changed greatly in recent years and differs between manufacturers, the attackers' target has not changed: it is still the core VCU (Vehicle Control Unit). A VCU is usually an MCU-based embedded device built on Cortex-M, Cortex-R, TriCore or similar cores and running a real-time operating system such as FreeRTOS or AUTOSAR.
During VCU development most manufacturers follow the guidance of ISO 21434 and carry out many security tests on software and hardware. The software test methods used for MCUs are relatively simple: unit testing, code auditing and manual code instrumentation. These methods share two problems: test cases must be written by hand, and the resulting test-case library is small. We therefore introduce fuzzing into vehicle MCU security testing. To make the fuzzing smarter, we collect the ARM ETM (Embedded Trace Macrocell) trace with the help of an external debugger and use it for code-coverage-guided fuzzing.
Finally, we combined WinAFL and Trace32 and, with the assistance of a Lauterbach PowerDebug, performed code-coverage-guided fuzzing of an ARM Cortex-M based MCU. We used this tool to test our CAN services and SOA services and found several security vulnerabilities as well as bugs that affect system stability. This fuzzing method can be used not only for discovering security vulnerabilities but also for functional-safety software testing, improving the robustness of the MCU system.
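The host-side step the abstract describes, branch targets decoded from an ETM trace turned into a coverage map that tells the fuzzer whether to keep an input, as an added C example (not the speaker's WinAFL/Trace32 tool): the branch addresses are constructed Cortex-M flash addresses, the bitmap layout and hit-count buckets follow AFL's classic scheme, and the function names are the example's own.

```c
/* Added illustration (not the speaker's tool): the host-side step that turns
 * branch targets decoded from an ARM ETM trace into an AFL-style edge bitmap
 * and decides whether the input that produced the trace deserves to be kept.
 * Addresses below are constructed; id derivation and hit-count buckets
 * follow AFL's classic instrumentation scheme. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 65536U   /* AFL's default bitmap size (64 KiB) */

static uint8_t virgin_bits[MAP_SIZE];   /* bits never seen so far; AFL starts it all-0xff */
static uint8_t trace_bits[MAP_SIZE];    /* coverage of the most recent execution */
static size_t last_edges;               /* distinct edge ids in the last trace */

/* Reset accumulated coverage, as at the start of a campaign. */
void reset_coverage(void) {
    memset(virgin_bits, 0xff, MAP_SIZE);
    memset(trace_bits, 0, MAP_SIZE);
    last_edges = 0;
}

/* Instrumented AFL targets get a random id per basic block at compile time.
 * With trace-derived coverage there is no instrumentation, so the id comes
 * from the branch target itself. Thumb code is 2-byte aligned, hence >> 1.
 * Identity mapping keeps this hand-checkable; a real tool would hash the
 * address to spread ids and reduce collisions within the 16-bit map. */
static uint32_t loc_id(uint32_t pc) {
    return (pc >> 1) & (MAP_SIZE - 1);
}

/* AFL's hit-count buckets: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+. */
static uint8_t count_class(uint8_t c) {
    if (c == 0) return 0;
    if (c == 1) return 1;
    if (c == 2) return 2;
    if (c == 3) return 4;
    if (c <= 7) return 8;
    if (c <= 15) return 16;
    if (c <= 31) return 32;
    if (c <= 127) return 64;
    return 128;
}

/* Replay one decoded trace into trace_bits. targets[] holds the destination
 * of each taken branch in execution order, as a trace decoder would emit it.
 * Returns the number of distinct edge ids hit. */
size_t trace_to_bitmap(const uint32_t *targets, size_t n) {
    uint32_t prev = 0;
    size_t edges = 0;
    memset(trace_bits, 0, MAP_SIZE);
    for (size_t i = 0; i < n; i++) {
        uint32_t cur = loc_id(targets[i]);
        uint32_t idx = cur ^ prev;          /* AFL edge id: cur_loc ^ prev_loc */
        if (trace_bits[idx] == 0) edges++;
        if (trace_bits[idx] < 255) trace_bits[idx]++;
        prev = cur >> 1;                    /* so A->B and B->A get different ids */
    }
    return edges;
}

/* AFL's has_new_bits(): 2 = brand-new edge, 1 = known edge with a new
 * hit-count bucket, 0 = nothing new. Updates virgin_bits as a side effect. */
int has_new_bits(void) {
    int ret = 0;
    for (size_t i = 0; i < MAP_SIZE; i++) {
        uint8_t cls = count_class(trace_bits[i]);
        if (cls && (cls & virgin_bits[i])) {
            if (virgin_bits[i] == 0xff) ret = 2;
            else if (ret < 1) ret = 1;
            virgin_bits[i] &= (uint8_t)~cls;
        }
    }
    return ret;
}

/* One fuzzer iteration as the harness sees it: map the trace, then judge it. */
int feed_trace(const uint32_t *targets, size_t n) {
    last_edges = trace_to_bitmap(targets, n);
    return has_new_bits();
}

size_t last_edge_count(void) { return last_edges; }

/* Constructed sample traces: branch targets inside a Cortex-M flash region.
 * BASE runs a loop twice, LOOP3 runs it three times, NEWPATH adds a branch. */
const uint32_t TRACE_BASE[]    = { 0x08000400, 0x08000480, 0x08000520, 0x08000480, 0x08000520, 0x08000600 };
const uint32_t TRACE_LOOP3[]   = { 0x08000400, 0x08000480, 0x08000520, 0x08000480, 0x08000520, 0x08000480, 0x08000520, 0x08000600 };
const uint32_t TRACE_NEWPATH[] = { 0x08000400, 0x08000480, 0x08000520, 0x08000480, 0x08000520, 0x08000600, 0x08000740 };

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

int main(void) {
    int r;
    reset_coverage();
    r = feed_trace(TRACE_BASE, LEN(TRACE_BASE));
    printf("base:     %d (%zu edges)\n", r, last_edge_count());
    printf("again:    %d\n", feed_trace(TRACE_BASE, LEN(TRACE_BASE)));
    printf("loop x3:  %d\n", feed_trace(TRACE_LOOP3, LEN(TRACE_LOOP3)));
    r = feed_trace(TRACE_NEWPATH, LEN(TRACE_NEWPATH));
    printf("new path: %d (%zu edges)\n", r, last_edge_count());
    return 0;
}
```

The three verdicts are what the WinAFL side needs from the trace: a repeated input contributes nothing, a loop that runs more iterations only changes a hit-count bucket, and a new branch target creates a new edge that should be added to the queue. A hashed loc_id and a bigger map are the first things to change when moving from this sketch to real firmware, where nearby addresses would otherwise collide.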

Speakers

Security Expert

Li Auto

I am currently working at Li Auto (https://ir.lixiang.com/) as a security expert, mainly responsible for the security architecture design and penetration testing of domain controllers. I previously worked as a security researcher at Qihoo 360 Alpha Team. I am good at binary vulnerability mining and exploitation, Android security, Linux kernel security, code auditing, fuzzing and more. I have contributed nearly 100 security vulnerabilities to the Android system and obtained CVEs, and I have also contributed several high-risk vulnerabilities to Huawei HarmonyOS. I have previously spoken at SyScan360 and MOSEC.

My github: https://github.com/flankersky
