Talk Title:

Secrets of Simos18: Reverse Engineering the secure boot mechanism of an Engine Control Unit

Abstract:

Most of us know that modern cars are run by embedded computers. Fewer know how these embedded systems are secured.

In this talk, I will describe:

• The basic architecture employed by automotive control units, from the viewpoint of a reverse engineer and with a focus on boot-time security.
• The secure boot architecture in a somewhat modern Engine Control Unit, Continental Simos18.
• Several design weaknesses and vulnerabilities present in the Simos18 secure boot strategy, leading to a complete bypass enabling the installation of custom code and calibration.

This talk will (hopefully!) take the audience from limited knowledge of automotive control units to a good understanding of how these systems are designed, implemented, and commonly broken.

Speaker Bio:

Brian Ledbetter grew up reverse engineering everything he could get his hands on, from his parents' VCR to game consoles like the PlayStation Portable. Then he spent many thrilling years working in corporate middle management. Recently, he's had the chance to come back to the light as a reverse engineer at SkySafe, where he takes apart drone firmware and RF protocols.