New Cars are Coming With Vehicle Diagnostic Protection (SFD)

The aim of SFD

Product analyses in the VW Group have shown that there is an increased requirement for protection of data in vehicles. This is also the case for Vehicle Diagnostic Protection. The previous procedure (activation of security access by way of a 5-digit login code) no longer conforms to the state of the art. As of 2020 – beginning with the market entry of the MQB37W (Golf 8) – there will be a cross-brand introduction of the SFD procedure in order to provide Vehicle Diagnostic Protection. 

SFD will be introduced in two project stages: 

Stage 1 comprises access protection of protected diagnostic objects in control units and the verifiability of this access on an individual level. The protection requirement will be defined for specific control units and diagnostic objects. The protection requirement is limited to specific writing services (codings, adjustments, parametrisations) and routines. Normal reading services (e.g. readout of control unit event memories) will not be SFD-protected. The functions of data string downloading with boot loader data strings, flashing and/or update programming as well as flash data security are also not affected by SFD.

Stage 2 includes, as a supplement to stage 1, tamper protection of diagnostic contents upon integration of the diagnostic contents by end-to-end safeguarding of diagnostic data between VAG IT back end systems and control units. In order to be able to log access to diagnostic contents requiring protection in future, the IT security organisation requires strong user authentication to be enforced. It is therefore necessary to use two-factor authentication, which can be implemented, for example, by using 

  • PKI-cards 
  • SecurID-cards
  • Applications that generate one-time passwords (e.g. Google Authenticator or Microsoft Authenticator).

In a first transition phase, however, weak authentication by way of a username and password will initially be introduced when using the Dealer Portal. The transition to strong authentication by means of the Group Retail Portal will be developed in parallel.

The SFD process requires the vehicle diagnostic tester to have an online connection.

For detailed information you may download Offboad Diagnostic Information System Service Unlock procedure for SFD documentation here: DOWNLOAD DOCUMENTATION



Related Post