TRACK 4: Security Testing
29 October | 16:30 – 17:15

Grey-box Analysis and Testing of Automotive Electronic Components

Electronic Control Units (ECUs) are embedded systems which control the functionality of a modern vehicle. The growing number of ECUs in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security.

However, the analysis of embedded devices, such as ECUs, still poses many challenges, due to the limited IO and computing power.To this end, we present EffCAN, a tool for ECU firmware fuzzing via CAN (Controller Area Network). EffCAN operates on the Control Flow Graph (CFG), which we extract from the firmware.

The CFG is a platform independent representation, which allows us to abstract from the often obscure underlying architecture. The CFG is annotated with information about static data comparisons that affect the control flow of the firmware. This information is used to create initial seeds for the fuzzer. It is also used to adapt the input messages in order to cover hard to reach execution paths. We have evaluated EffCAN on three ECUs, from different manufacturers. The fuzzer was able to crash two of the ECUs. To our knowledge, this is the first approach that uses static analysis to guide the fuzzing of automotive ECUs.