Solution Overviews

Datasheet: Mitigating Automotive Cyberattacks

Issue link: https://resources.irdeto.com/i/1005605

Contents of this Issue

Navigation

Page 3 of 3

www.irdeto.com 4 © 2019 Irdeto. All Rights Reserved. Reverse engineering of E-NET peer diagnostics service. The Keen Lab researchers reverse-engineered the E-NET service to identify a vulnerability, which enabled them to develop an exploit. Reverse engineering of firmware. The researchers obtained the raw firmware of at least the TCB. They noted that this was "tough reverse engineering work." They did not report how they obtained the firmware. Microprocessors don't often have readout protections, or the protections can be bypassed with physical attacks (e.g. glitching). Cloakware Software Protection uses data and control- flow program transformations to raise the bar for reverse engineering to improbable levels of effort. Particularly when considering high-privileged processes that parse network or local inputs, integrating CSP will force a much higher investment of time and resources on the part of the attackers. More often than not, this pushes the attackers towards other targets. Leveraging a Root Shell on the Target. The Keen Lab researchers took advantage of the root shell they obtained to deploy new executables, explore system resources and inspect memory contents of all processes. Secure Environment's (SE) threat model assumes the attacker has control of the shells that have root privilege. SE realizes the system security enhancing features through multiple mutually-reinforcing user space agents. These agents are self-protected with multi-layer anti- tamper techniques using Cloakware Software Protection. Instead of at the end of an intrusion, attackers with a root shell find themselves at the beginning of a large effort to attack the rest of the system. For more information about Connected Transport by Irdeto, please visit: Irdeto.com/connected-transport/

Articles in this issue

Links on this page

view archives of Solution Overviews - Datasheet: Mitigating Automotive Cyberattacks