summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHammad Ahmed <hammad.ahmed@irdeto.com>2017-03-21 10:52:55 -0400
committerHammad Ahmed <hammad.ahmed@irdeto.com>2017-04-25 16:55:58 -0400
commit9234c18a4cdeb8e54907a8255fd14d827dcbc497 (patch)
treed7ea221303dc825a6e345565fab64f0bdd8fff21
parent5d0f0e61aea7e89589b6a0c1280a99b18646eb11 (diff)
Adding attackers and adversaries to security blueprint
-rw-r--r--sec-blueprint/04-adversaries.md65
1 files changed, 42 insertions, 23 deletions
diff --git a/sec-blueprint/04-adversaries.md b/sec-blueprint/04-adversaries.md
index acf3764..8740ae5 100644
--- a/sec-blueprint/04-adversaries.md
+++ b/sec-blueprint/04-adversaries.md
@@ -1,25 +1,44 @@
----
-
-title : Adversaries
-date : 2016-06-30
-categories: architecture, automotive
-tags: architecture, automotive, linux
-layout: techdoc
+This section lists some of the adversaries and attackers in Automotive.
+## Enthusiast Attackers:
+ Enthusiast attackers have physical access to the Engine Control
+ Units (ECUs) at the circuit board level. They can solder ‘mod chips’
+ onto the board and have access to probing tools. They also have
+ information on ECUs that have been hacked previously and have
+ access to softwares and instructions developed by other members
+ of car modification forums. The goal of the enthusiast hacker
+ could be, but is not limited to, adding extra horse power to the
+ car or hacking it just for fun.
----
-
-**Table of Content**
-
-1. TOC
-{:toc}
-
-## Authorised malicious project admin/developer
-
-## Malware developer
-
-## Organised crime
-
-## Authorised device/cloud user
-
-## Network mass attacker
+## Corrupt Dealers:
+ These are attackers that have access to the same capabilities as
+ enthusiasts, but also have access to the car manufacturer's (OEM)
+ dealer network. They may also have access to standard debugging
+ tools provided by the car manufacturer. Their goal may be to support
+ local car theft gangs or organized criminals.
+
+## Organized Criminal:
+ Organized Criminals have access to all of the above tools but may
+ also have some level of control over the internal network at
+ many dealerships. They may have hacked and gained temporary
+ control of the Over-The-Air (OTA) servers or the In-Vehicle
+ Infotainment (IVI) systems. This is very much like the role of
+ organized criminals in other industries such as paid media today.
+ Their goal is to extort money from an OEMs and/or governments by
+ threatening to disable multiple vehicles.
+
+## Malware Developers:
+ Malware Developers have developed malicious software to attach
+ and compromise a large number of vehicle. The malicious software
+ would usually be designed spread from one vehicle to another.
+ The goal usually is to take control of multiple machines then sell
+ access to them for malicious purposes like denial-of-service (DoS)
+ attacks or stealing private information and data.
+
+## Security Researchers:
+ These attackers are ‘self-publicized’ security consultants trying
+ to make a name for themselves. They have access standard tools for
+ software security analysis. They also have physical access to the
+ vehicle and standard hardware debugging tools (Logic Analyzers,
+ Oscilloscopes, etc). Their goal is to publicize attacks for personal
+ gains.