diff options
author | Hammad Ahmed <hammad.ahmed@irdeto.com> | 2017-03-21 10:52:55 -0400 |
---|---|---|
committer | Hammad Ahmed <hammad.ahmed@irdeto.com> | 2017-04-25 16:55:58 -0400 |
commit | 9234c18a4cdeb8e54907a8255fd14d827dcbc497 (patch) | |
tree | d7ea221303dc825a6e345565fab64f0bdd8fff21 | |
parent | 5d0f0e61aea7e89589b6a0c1280a99b18646eb11 (diff) |
Adding attackers and adversaries to security blueprint
-rw-r--r-- | sec-blueprint/04-adversaries.md | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/sec-blueprint/04-adversaries.md b/sec-blueprint/04-adversaries.md index acf3764..8740ae5 100644 --- a/sec-blueprint/04-adversaries.md +++ b/sec-blueprint/04-adversaries.md @@ -1,25 +1,44 @@ ---- - -title : Adversaries -date : 2016-06-30 -categories: architecture, automotive -tags: architecture, automotive, linux -layout: techdoc +This section lists some of the adversaries and attackers in Automotive. +## Enthusiast Attackers: + Enthusiast attackers have physical access to the Engine Control + Units (ECUs) at the circuit board level. They can solder ‘mod chips’ + onto the board and have access to probing tools. They also have + information on ECUs that have been hacked previously and have + access to softwares and instructions developed by other members + of car modification forums. The goal of the enthusiast hacker + could be, but is not limited to, adding extra horse power to the + car or hacking it just for fun. ---- - -**Table of Content** - -1. TOC -{:toc} - -## Authorised malicious project admin/developer - -## Malware developer - -## Organised crime - -## Authorised device/cloud user - -## Network mass attacker +## Corrupt Dealers: + These are attackers that have access to the same capabilities as + enthusiasts, but also have access to the car manufacturer's (OEM) + dealer network. They may also have access to standard debugging + tools provided by the car manufacturer. Their goal may be to support + local car theft gangs or organized criminals. + +## Organized Criminal: + Organized Criminals have access to all of the above tools but may + also have some level of control over the internal network at + many dealerships. They may have hacked and gained temporary + control of the Over-The-Air (OTA) servers or the In-Vehicle + Infotainment (IVI) systems. This is very much like the role of + organized criminals in other industries such as paid media today. + Their goal is to extort money from an OEMs and/or governments by + threatening to disable multiple vehicles. + +## Malware Developers: + Malware Developers have developed malicious software to attach + and compromise a large number of vehicle. The malicious software + would usually be designed spread from one vehicle to another. + The goal usually is to take control of multiple machines then sell + access to them for malicious purposes like denial-of-service (DoS) + attacks or stealing private information and data. + +## Security Researchers: + These attackers are ‘self-publicized’ security consultants trying + to make a name for themselves. They have access standard tools for + software security analysis. They also have physical access to the + vehicle and standard hardware debugging tools (Logic Analyzers, + Oscilloscopes, etc). Their goal is to publicize attacks for personal + gains. |