This week, we provide you with a short summary of some interesting presentations from the escar Europe conference which was held last week in Berlin. Naturally, there were many more interesting presentations, and this is just a small selection. The conference started with a keynote by Cristof Paar giving an overview of 20 years escar and automotive security, and why hardware manipulation is a serious threat.
Threat analysis and risk assessment. Simon Greiner and Maike Massierer  from Bosch looked at the threat analysis and risk assessment when following the attack potential method according to ISO 21434 (Appendix G) from a supplier’s perspective. Based on two use cases, man in the middle tuning and installing a rogue device, they highlighted that the resulting attack feasibility may, in some cases, not reflect reality. For instance, adding an additional device to the vehicle network for tuning the vehicle (man in the middle tuning) results in an attack feasibility level of very low, however, this attack happens frequently, i.e., there is a market for selling such products. On the other hand, attacks requiring installing a rogue device which injects, for instance, brake signals are rarely found (yet the attack feasibility was rated high). Therefore, the authors propose new values for elapsed time and window of opportunity to provide more realistic risk ratings.
AV approval. Mohamed Abid and Christa Budke  provided an overview how TÜV Süd plans to approve the cybersecurity of autonomous vehicles (AVs) which are in series production. They first described AV-Permit 1.0 which is the evaluation method for individual AVs and then their proposed method for series vehicles called AV-Permit 2.0 which complies with UNECE Regulation 155 and 156 and thus covers the entire vehicle and the organisation’s cybersecurity management system (CSMS) and software update management systems (SUMS).
Adversarial attacks on lane detection systems. Gabriel Geck and Dominik Fisch  presented the results of their investigation about the feasibility of adversarial attacks on lane detection systems by testing and evaluating open-source lane detection methods as well as the openpilot model developed by comma.ai. They tested how road patches could potentially make a vehicle move outside of its lane and thus potentially cause an accident. Their evaluation shows that it is indeed possible, however, all conditions must be met also in reality, e.g., the surrounding (trees, streetlights) and light conditions. Therefore, they conclude that it is actually very difficult to actually apply these techniques in reality.
Confidential deep learning. Stefan Gehrer and Moritz Eckert  from Bosch and Edgeless Systems presented a framework, which utilises Intel’s trusted execution environment (TEE) called Intel SGX to ultimately use real image data that includes personal identifiable information (PII) for training deep learning algorithms, yet still comply with current regulations to store PII, such as faces and license plates, securely. In short, their method uses the TEE for remote attestation of the remote server and further identifies and labels PII and splits this information, i.e., PII is encrypted and stored securely using the TEE, and the remaining data, i.e., the scene with vehicles (without registration plates), are stored in a separate database. To train the deep learning algorithm, they combine both types of information within the TEE. They further demonstrated the feasibility of this method with a proof of concept.
Zero-day vulnerabilities. Amit Geynis  from Argus Cyber Security LTD described four zero-day vulnerabilities they have found. (1) The first vulnerability was found in the instrument cluster. They found that sending a CAN-FD frame with a specific ID could be used to cause a buffer overflow which in turn allows remote code execution. (2) Through fuzzing the IPsec and SOME/IP-SD protocols, they found that they could perform remote code execution on the IPSec task. Furthermore, they were also able to take over full control of the four bytes program counter due to a vulnerability in the SOME/IP service discovery protocol potentially allowing them to gain full control over an ECU when combining both vulnerabilities. (3) When performing a black box analysis of a telematics control unit (TCU), they first reverse engineered the firmware and then found logical flaws in the cryptographic validation between the TCU and the body control module (BCM). This set of flaws allows an attacker who can eavesdrop the network communication to derive the pre-shared key based on the messages exchanged during the validation process. (4) Another vulnerability was found in a TCU used in heavy duty vehicles. The TCU provides two external communication interfaces via a cellular connection, i.e., communication via TLS and binary-formatted SMS. The TLS connection is used for features/communication to the backend and binary-formatted SMS are only used to trigger the communication to the backend. Their testing, however, revealed that the TLS authentication could be bypassed by crafting a binary-formatted SMS that makes the handler interpret it as decrypted message from the backend system which usually communicates via TLS.
— Written by Thomas Rosenstatter
 S. Greiner, M. Massierer, C. Loderhose, B. Lutz, F. Stumpf and F. Wiemer, “A supplier’s perspective on threat analysis and risk assessment according to ISO/SAE 21434,” in 20th escar Europe, Berlin, 2022.
 M. F. Abid and C. Budke, “The road to AV approval – A Cybersecurity Perspective,” in 20th escar Europe, Berlin, 2022.
 G. Gabriel, D. Fisch, V. Belagiannis and F. Kargl, “Feasibility of Adversarial Attacks on Real-World Lane Detection Systems (Industrial Track),” in 20th escar Europe, Berlin, 2022.
 S. Gehrer, M. Eckert, S. Raynor, S. Trieflinger, D. Weiße, C. Zimmermann, F. Schuster and P. O’Neil, “Scalable and Confidential Deep Learning for Automotive Video and Image Data,” in 20th escar Europe, Berlin, 2022.
 A. Geynis, “Tales from a Penetration Testing Team,” in 20th escar Europe, Berlin, 2022.