In the ever-evolving landscape of automotive technology, the need for robust security measures and dependable vehicle performance has become paramount with connected vehicles and autonomous driving. The Unified Diagnostic Services (UDS) protocol is the diagnostic communication layer between various vehicle components which serves as a critical interface for vehicle servicing and for software updates. Fuzz testing is a dynamic software testing technique that involves the barrage of unexpected and invalid inputs to uncover vulnerabilities and erratic behavior. This paper presents the implementation of fuzz testing methodologies on the UDS layer, revealing the potential vulnerabilities that could be exploited by malicious entities.
By employing both open-source and commercial fuzzing tools and techniques, this paper simulates real-world scenarios to assess the UDS layer’s resilience against anomalous data inputs. Specifically, we deploy several open-source UDS implementations on a Controller Area Network (CAN) testbed and use them as a target for the aforementioned fuzzing tools. The outcomes of the fuzzing campaigns provide both automakers and researchers with insights about the completeness of open-source UDS implementations, as well as existing vulnerabilities. Our recommendations are intended to inform researchers and developers about the current state of these implementations, especially if they consider integrating them into their products. Ultimately, the use of open-source implementations in the automotive domain promises a more secure, easier to maintain, safer, and cheaper development process.
This paper underscores the significance of continuous testing and fortification in ensuring the integrity of automotive systems with a particular focus on UDS, offering a valuable contribution to the advancement of secure vehicular technology.