Fuzzy fault injection attacks against secure automotive bootloaders

Secure embedded bootloaders are the trust anchors for modern vehicles’ software. The secure software update process of ECUs is well-defined across the entire automotive industry. Every OEM has his own implementation, but follows the general software update process. This paper demonstrates code execution attacks by combining software and hardware weaknesses in secure automotive bootloaders. The attack can be performed entirely automated, no static code analysisis required. Random fault injection parameters were sufficient to obtain code execution in a reasonable time. All experiments were conducted with electromagnetic fault injection and without any hardware modifications of the targets. We successfully performed our attack on two entirely different gateway Electronic Control Units (ECUs) used in current vehicles (at the time of this research) from Volkswagen and BMW. As a result of this attack, consisting of a combination of a hardware and asoftware attack, the general secure software update process used in the automotive industry needs to be revised