Talk Title:

Is Your Memory Protected? Uncovering Hidden Vulnerabilities in Automotive MPU Mechanisms

Abstract:

As you read these lines on your computer screen, the device facilitating this interaction is equipped with a Memory Management Unit (MMU). MMUs are the unsung heroes of modern computing, managing memory resources and ensuring smooth software operation. From smartphones to powerful servers, MMUs optimize performance and safeguard against security vulnerabilities. This talk focuses on the less discussed but equally crucial Memory Protection Unit (MPU), which may be likened to the younger, underappreciated sibling of the MMU. MPUs are primarily used in microcontrollers (MCUs) in Automotive Electronic Control Units (ECUs). They play a key role in enforcing memory protection, preventing unauthorized access and safeguarding against security threats.

This talk focuses on the importance of MPUs as a fundamental security mechanism in today's automotive control units. It presents two new vulnerabilities, designated CVE-2023-48010 and CVE-2024-33882, that we discovered in two different PowerPC microcontroller families specifically designed for automotive applications and extensively used in various ECUs. We will conclude by describing the responsible disclosure process and suggesting various mitigations for these vulnerabilities.

Speaker Bio:

Nimrod is a cyber security researcher at PlaxidityX where he focuses on researching the latest attack techniques and applying lessons learned to improve automotive cyber defenses. Prior to PlaxidityX, Nimrod was a Cyber Security Researcher at CyberArk Labs, doing vulnerability research of software and hardware. Nimrod holds an LLB in Law and BA in Economics.