Uncategorized

Analyzing ECU firmware

How They Did It: An Ana­ly­sis of Emis­si­on De­feat De­vices in Mo­dern Au­to­mo­bi­les
Mo­dern ve­hi­cles are re­qui­red to com­ply with a range of en­vi­ron­men­tal re­gu­la­ti­ons li­mi­t­ing the level of emis­si­ons for va­rious green­hou­se gases, to­xins and par­ti­cu­la­te mat­ter. To en­su­re com­pli­an­ce, re­gu­la­tors test ve­hi­cles in con­trol­led set­tings and em­pi­ri­cal­ly me­a­su­re their emis­si­ons at the tail­pipe. Howe­ver, the black box na­tu­re of this tes­ting and the stan­dar­diza­t­i­on of its forms have crea­ted an op­por­tu­ni­ty for eva­si­on. Using mo­dern elec­tro­nic en­gi­ne con­trol­lers, ma­nu­fac­tu­rers can pro- gram­ma­ti­cal­ly infer when a car is un­der­go­ing an emis­si­on test and alter the be­ha­vi­or of the ve­hi­cle to com­ply with emis­si­on stan­dards, while ex­cee­ding them du­ring nor­mal dri­ving in favor of im­pro­ved per­for­mance. While the use of such a de­feat de­vice by Volks­wa­gen has brought the issue of emis­si­ons chea­ting to the pu­blic’s at­ten­ti­on, there have been few de­tails about the pre­cise na­tu­re of the de­feat de­vice, how it came to be, and its ef­fect on ve­hi­cle be­ha­vi­or. In this paper, we pre­sent our ana­ly­sis of two fa­mi­lies of soft­ware de­feat de­vices for die­sel en­gi­nes: one used by the Volks­wa­gen Group to pass emis­si­ons tests in the US and Eu­ro­pe, and a se­cond that we have found in Fiat Chrys­ler Au­to­mo­bi­les. To carry out this ana­ly­sis, we de­ve­lo­ped new sta­tic ana­ly­sis firm­ware fo­ren­sics tech­ni­ques ne­cessa­ry to au­to­ma­ti­cal­ly iden­ti­fy known de­feat de­vices and con­firm their func­tion. We tested about 900 firm­ware ima­ges and were able to de­tect a po­ten­ti­al de­feat de­vice in more than 400 firm­ware ima­ges span­ning eight years. We de­scri­be the pre­cise con­di­ti­ons used by the firm­ware to de­tect a test cycle and how it af­fects en­gi­ne be­ha­vi­or. This work fra­mes the tech­ni­cal chal­len­ges faced by re­gu­la­tors going for­ward and high­lights the im­portant re­se­arch agen­da in pro­vi­ding fo­cu­sed soft­ware as­suran­ce in the pre­sence of ad­ver­sa­ri­al ma­nu­fac­tu­rers.

http://syssec.rub.de/research/publications/defeat-devices/

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s