Abstract

In this paper, we present a novel method for exploiting vulnerabilities in secure embedded bootloaders, the foundation of trust for modern vehicle software systems, using a genetic algorithm to identify the parameters needed for a successful electromagnetic fault injection (EMFI) attack. Specifically, we demonstrate the feasibility of code-execution attacks by combining software and hardware weaknesses in the secure software update process of electronic control units (ECUs), a process that is standardized across the automotive industry. Our method is automated, eliminating the need for static code analysis, and requires no hardware modification of the targeted systems. We demonstrated the attack on three distinct ECUs from different manufacturers used in current vehicles. Our results show that using a genetic algorithm to find the fault parameters reduces the number of attempts needed for a successful fault yielding arbitrary code execution via "wild jungle jumps" by approximately 100 times compared to a naive random search.
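To make the search idea concrete, the following is an added example written for this page; it is not the paper's code and does not reproduce its setup. It replaces the physical ECU and EMFI bench with a simulated target: a hidden "sweet spot" in (trigger delay, probe X, probe Y, pulse power) space yields code execution, surrounded by nested regions that produce less useful but observable responses (corrupted output, reset, mute). The parameter ranges, the response classes, the region radii, and the use of the ordered response class as the genetic algorithm's fitness are all assumptions of this demo; the abstract does not state how the paper scores attempts. The example then contrasts the genetic search with uniform random sampling under the same evaluation budget.

```python
"""Genetic search for electromagnetic fault-injection (EMFI) parameters.

Added illustration, not code from the paper. The target is simulated:
a hidden sweet spot in (delay, x, y, power) space yields code execution,
surrounded by shells of progressively less useful responses. Every
number and response class below is a constructed assumption.
"""
import math
import random
from dataclasses import dataclass

# Assumed parameter ranges: trigger-to-pulse delay in ns, probe X/Y in mm,
# pulse power as a percentage of the injector's maximum.
BOUNDS = (("delay_ns", 0.0, 10000.0), ("x_mm", 0.0, 20.0),
          ("y_mm", 0.0, 20.0), ("power_pct", 0.0, 100.0))

# Observable target responses, ordered from least to most interesting.
NORMAL, MUTE, RESET, CORRUPT, SUCCESS = range(5)

# Hidden sweet spot in normalized [0,1]^4 coordinates and the radii of the
# nested response regions around it (constructed for the simulation).
SWEET_SPOT = (0.421, 0.375, 0.600, 0.650)
RADII = ((SUCCESS, 0.05), (CORRUPT, 0.15), (RESET, 0.30), (MUTE, 0.50))


def to_physical(point):
    """Map a normalized point to physical parameter values."""
    return {name: lo + p * (hi - lo) for (name, lo, hi), p in zip(BOUNDS, point)}


def simulate_target(point):
    """Stand-in for firing one EMFI pulse and classifying the ECU's reply."""
    d = math.dist(point, SWEET_SPOT)
    for response, radius in RADII:
        if d <= radius:
            return response
    return NORMAL


@dataclass
class SearchResult:
    found: bool
    evals: int        # injection attempts spent
    point: tuple      # normalized parameters of the best attempt
    response: int     # response class of that attempt


def random_search(seed, max_evals, target=simulate_target):
    """Baseline: sample parameters uniformly until success or budget is spent."""
    rng = random.Random(seed)
    best_point, best_resp = None, -1
    for n in range(1, max_evals + 1):
        p = tuple(rng.random() for _ in BOUNDS)
        r = target(p)
        if r > best_resp:
            best_point, best_resp = p, r
        if r == SUCCESS:
            return SearchResult(True, n, p, r)
    return SearchResult(False, max_evals, best_point, best_resp)


def genetic_search(seed, max_evals, pop_size=30, target=simulate_target):
    """GA over fault parameters; the response class is the fitness (assumed)."""
    rng = random.Random(seed)
    evals = 0

    def evaluate(p):
        nonlocal evals
        evals += 1
        return target(p)

    def mutate(p, fitness):
        # Assumed schedule: shrink the step as responses get more interesting,
        # so refinement concentrates around the sensitive region.
        sigma = 0.25 / (1 + fitness)
        return tuple(min(1.0, max(0.0, g + rng.gauss(0.0, sigma))) for g in p)

    def crossover(a, b):
        # Arithmetic crossover keeps the child on the segment between parents.
        t = rng.random()
        return tuple(t * ga + (1 - t) * gb for ga, gb in zip(a, b))

    def tournament(pop):
        a, b = rng.sample(pop, 2)
        return max(a, b, key=lambda ind: ind[1])

    pop = []
    for _ in range(pop_size):
        p = tuple(rng.random() for _ in BOUNDS)
        pop.append((p, evaluate(p)))
    while True:
        best = max(pop, key=lambda ind: ind[1])
        if best[1] == SUCCESS or evals >= max_evals:
            return SearchResult(best[1] == SUCCESS, evals, best[0], best[1])
        children = [best]  # elitism: never lose the best individual
        while len(children) < pop_size and evals < max_evals:
            pa, pb = tournament(pop), tournament(pop)
            child = mutate(crossover(pa[0], pb[0]), max(pa[1], pb[1]))
            r = evaluate(child)
            if r == SUCCESS:
                return SearchResult(True, evals, child, r)
            children.append((child, r))
        pop = children


if __name__ == "__main__":
    for name, fn in (("random", random_search), ("genetic", genetic_search)):
        res = fn(seed=7, max_evals=3000)
        print(name, "found" if res.found else "failed", "after", res.evals,
              "attempts, best response", res.response, to_physical(res.point))
```

Because the success region is a small ball in four dimensions, uniform sampling needs on the order of tens of thousands of attempts, while the GA climbs the ladder of observable response classes and usually reaches the sweet spot in a few hundred to a couple of thousand. The important design point for a real bench is the fitness: the GA only outperforms random search if the target's responses carry information about proximity to the sweet spot, which is why the response classification and the mutation schedule matter more than the crossover scheme.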
