Common ECU threats
When looking at threats against external vehicle interfaces, we indirectly analyzed threats that impact external facing ECUs, such as telematics, IVI, and autonomous driving systems. In this section, we will expand our focus on threats that apply to both internal and external facing ECUs, based on the most common weaknesses of these systems.
Debug ports
ECUs offer several methods to access debug capability during development and, in some cases, after the ECU has been installed on a production vehicle. The JTAG interface is commonly used to debug and test the internal operation of an ECU. Attackers who gain access to the JTAG interface can extract the ECU software for offline analysis to identify vulnerabilities that can be exploited in the field. Another popular attack is attempting to recover global secrets, such as long-term cryptographic keys that are accessible in a debug mode. In addition to these attacks, ECU suppliers may have proprietary test modes...
