Automotive Ethernet Security Revisited New Protocols, New Attacks, and Advanced Scapy Techniques

Описание: Five years ago, we presented “Automotive Penetration Testing with Scapy” at TROOPERS19—a talk that quickly became one of the most-watched sessions on the TROOPERS YouTube channel. In the intervening years, the automotive domain has evolved significantly, particularly in the realm of *Automotive Ethernet* (e.g., 100/1000BASE-T1). Modern vehicles now rely heavily on protocols like *Diagnostics over IP (DoIP)**, **SOME/IP**, and **AUTOSAR PDUs**, combined with sophisticated security approaches and **Over-the-Air (OTA)* update mechanisms.

In this fresh deep dive, we revisit the automotive Ethernet security landscape, illustrating how *Scapy* has adapted to accommodate these emerging protocols and testing scenarios. We will demonstrate advanced techniques, including restbus simulations for SOME/IP, emulating malicious OTA update servers, and exploring cutting-edge features in UDS—such as authentication services—all through carefully crafted packet injection and analysis.

About the Speakers:

Dr. Weiß delved into penetration testing during his Bachelor’s and Master’s, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.

Jonas Horreis is a penetration tester at dissecto with a focus on automotive security. He started by automating ECU security tests for his bachelor’s thesis, expanded into securing EV-charging infrastructure and electric-vehicle architectures during his master’s research, and later investigated advanced fuzzing techniques as a university research assistant. Now he applies this knowledge to secure the ECUs of the future.