Willem Melching and Greg Hogan at Hardwear USA 2024

Willem Melching & Greg Hogan

My car, My keys: obtaining CAN bus SecOC signing keys

Talk Title:

My car, My keys: obtaining CAN bus SecOC signing keys

Abstract:

Secure Onboard Communication (SecOC) is a new standard that adds a Message Authentication Code (MAC) to messages on a vehicle’s CAN bus. This prevents ECUs that have no knowledge of the secret AES key from communicating with other parts of the vehicle. However, it also prevents the owner of the vehicle from installing any third-party devices not sanctioned by the vehicle manufacturer.


In this talk we will explain how we broke the SecOC implementation of a 2021 model year vehicle by attacking the power steering ECU. We will give a short introduction to SecOC. We will also explain how key management is implemented, and why observing a key update when replacing a part won’t allow extracting the key.


Using a fault injection attack, the firmware of the power steering ECU was extracted and could be reverse engineered. We discovered that all AES cryptography is implemented in firmware and not handled by an HSM. This means it’s possible to extract the keys from the ECU’s data flash. However, the SecOC key is unique per vehicle, and performing a fault injection attack for each vehicle is not feasible.


By reverse engineering the firmware update logic in the bootloader, we discovered that uploaded code was verified only with an AES-CMAC. This allowed us to upload a payload to RAM and get the ECU to execute it. Using this exploit we can extract the SecOC keys. The attack can be performed entirely over the CAN bus using regular diagnostic commands.


By reading the AUTOSAR SecOC standard and analyzing the firmware, we were able to use the extracted key to build CAN messages that are accepted by the car. This allows the owner of the vehicle to run third-party Advanced Driver Assistance System (ADAS) software, such as openpilot, without needing to make any persistent changes to their car. All code needed to extract the keys and generate CAN messages is open source.


Speaker Bio:

Willem Melching is an independent security researcher. He has over 5 years of experience working on automotive security and reverse engineering.
Blog: https://icanhack.nl/blog/


Greg Hogan is head of Infrastructure at comma.ai. He likes to spend his spare time reverse engineering ECU firmware. His projects include enabling steer-by-wire on pre-AP Teslas, enabling point-cloud outputs from an automotive radar, and flashing ECUs through a web browser.