CANdid : A Stealthy Stepping-Stone Attack to Bypass Authentication on ECUs

A high-entropy source of randomness is an essential component in any secure protocol, required to ensure that protocol elements, such as cryptographic keys, nonces, or salts, are unpredictable for the attackers. Resource-constrained embedded devices, such as Electronic Control Units (ECUs) in modern vehicles, often utilize weak sources of randomness due to the unavailability of true sources of randomness. In this article, we illustrate the ability of a relatively simple adversary to exploit this weakness within ECUs of vehicles produced by major manufacturers. We demonstrate that the weakness can be exploited by the adversary on a real ECU to breach the protection of Unified Diagnostic Services (UDS) Security Access service and access restricted functionality of the UDS protocol. We develop CANdid, a stepping-stone attack strategy where an adversary with access to a non-critical ECU can utilize this weakness to maliciously reprogram an arbitrary critical ECU over the CAN bus.