As the automotive industry evolves rapidly, modern vehicles are increasingly equipped with numerous electronic systems, creating a wide array of potential attack vectors. This report focuses on the “brains” of such systems—the central processor used in most automotive electronic units.
Many TCUs, ECUs, secured gateways, and keyless entry systems rely on microcontrollers from Renesas (Japan). Their automotive MCUs, based on the RH850 architecture, offer multiple security features such as:
- Interface disabling
- Password protection
- Read/write/erase protection
- Even a secure core enabling a trusted boot chain
These microcontrollers present the first major challenge in extracting firmware for analysis.
In this talk, the speakers will discuss how they discovered several vulnerabilities and successfully exploited them through glitch attacks. This enabled them to extract firmware from one of the most widely used automotive microcontroller families, despite its multiple protection levels. Additionally, they carried out a glitch attack to extract a chunk of the BootROM code, which they then analyzed to extract the whole BootROM.
The report also explores the reverse engineering of the BootROM code, its structure, and numerous undocumented commands that provide access to virtually any information within the microcontroller, including configurations, OTP memory data, and passwords.