Automotive Ethernet Security Revisited New Protocols, New Attacks, and Advanced Scapy Techniques
Five years ago, we presented “Automotive Penetration Testing with Scapy” at TROOPERS19—a talk that quickly became one of the most-watched sessions on the TROOPERS YouTube channel. In the intervening years, the automotive domain has evolved significantly, particularly in the realm of *Automotive Ethernet* (e.g., 100/1000BASE-T1). Modern vehicles now rely heavily on protocols like *Diagnostics over IP (DoIP)**, **SOME/IP**, and **AUTOSAR PDUs**, combined with sophisticated security approaches and **Over-the-Air (OTA)* update mechanisms.
In this fresh deep dive, we revisit the automotive Ethernet security landscape, illustrating how *Scapy* has adapted to accommodate these emerging protocols and testing scenarios. We will demonstrate advanced techniques, including restbus simulations for SOME/IP, emulating malicious OTA update servers, and exploring cutting-edge features in UDS—such as authentication services—all through carefully crafted packet injection and analysis.
About the Speakers:
Dr. Weiß delved into penetration testing during his Bachelor’s and Master’s, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.
Jonas Horreis is a penetration tester at dissecto with a focus on automotive security. He started by automating ECU security tests for his bachelor’s thesis, expanded into securing EV-charging infrastructure and electric-vehicle architectures during his master’s research, and later investigated advanced fuzzing techniques as a university research assistant. Now he applies this knowledge to secure the ECUs of the future.