aboutsummaryrefslogtreecommitdiffstats
path: root/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md')
-rw-r--r--docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md60
1 files changed, 34 insertions, 26 deletions
diff --git a/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md
index 1be314d..ce0259e 100644
--- a/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md
+++ b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.2_Wireless.md
@@ -1,12 +1,7 @@
---
-edit_link: ''
title: Wireless
-origin_url: >-
- https://raw.githubusercontent.com/automotive-grade-linux/docs-sources/master/docs/security-blueprint/part-7/2-Wireless.md
---
-<!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/architecture/master/security_blueprint-security-blueprint-book.yml -->
-
# Wireless
In this part, we talk about possible remote attacks on a car, according to the
@@ -46,16 +41,21 @@ Connectivity-Wireless-1 | Add communication channels (RFID, ZigBee?).
--------------------------------------------------------------------------------
For existing automotive-specific means, we take examples of existing system
-attacks from the _IOActive_ document ([A Survey of Remote Automotive Attack Surfaces](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf))
-and from the ETH document ([Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars](https://eprint.iacr.org/2010/332.pdf)).
+attacks from the _IOActive_ document ([A Survey of Remote Automotive Attack
+Surfaces](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf))
+and from the ETH document ([Relay Attacks on Passive Keyless Entry and Start
+Systems in Modern Cars](https://eprint.iacr.org/2010/332.pdf)).
- [Telematics](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A40%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C720%2C0%5D)
-- [Passive Anti-Theft System (PATS)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A11%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C574%2C0%5D)
+- [Passive Anti-Theft System
+ (PATS)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A11%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C574%2C0%5D)
-- [Tire Pressure Monitoring System (TPMS)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A17%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C720%2C0%5D)
+- [Tire Pressure Monitoring System
+ (TPMS)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A17%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C720%2C0%5D)
-- [Remote Keyless Entry/Start (RKE)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A26%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C720%2C0%5D)
+- [Remote Keyless Entry/Start
+ (RKE)](https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf#%5B%7B%22num%22%3A26%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C60%2C720%2C0%5D)
- [Passive Keyless Entry (PKE)](https://eprint.iacr.org/2010/332.pdf)
@@ -85,10 +85,11 @@ We can differentiate existing attacks on wifi in two categories: Those on
- **WPA** attacks:
- **Beck and Tews**: Exploit weakness in **TKIP**. "Allow the attacker to
- decrypt **ARP** packets and to inject traffic into a network, even
- allowing him to perform a **DoS** or an **ARP** poisoning".
+ decrypt **ARP** packets and to inject traffic into a network, even allowing
+ him to perform a **DoS** or an **ARP** poisoning".
- [KRACK](https://github.com/kristate/krackinfo): (K)ey (R)einstallation
- (A)tta(ck) ([jira AGL SPEC-1017](https://jira.automotivelinux.org/browse/SPEC-1017)).
+ (A)tta(ck) ([jira AGL
+ SPEC-1017](https://jira.automotivelinux.org/browse/SPEC-1017)).
### Recommendations
@@ -110,9 +111,9 @@ Connectivity-Wireless-Wifi-5 | Device | Upgraded easily in software
<!-- end-section-config -->
-See [Wifi attacks WEP WPA](https://matthieu.io/dl/wifi-attacks-wep-wpa.pdf)
-and [Breaking wep and wpa (Beck and Tews)](https://dl.aircrack-ng.org/breakingwepandwpa.pdf)
-for more information.
+See [Wifi attacks WEP WPA](https://matthieu.io/dl/wifi-attacks-wep-wpa.pdf) and
+[Breaking wep and wpa (Beck and
+Tews)](https://dl.aircrack-ng.org/breakingwepandwpa.pdf) for more information.
--------------------------------------------------------------------------------
@@ -132,7 +133,8 @@ for more information.
features but is limited by the transmitting power of class 2 Bluetooth radios,
normally capping its range at 10-15 meters.
- **Bluejacking** is the sending of unsolicited messages.
-- **BLE**: **B**luetooth **L**ow **E**nergy [attacks](https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf).
+- **BLE**: **B**luetooth **L**ow **E**nergy
+ [attacks](https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf).
- **DoS**: Drain a device's battery or temporarily paralyze the phone.
### Recommendations
@@ -142,8 +144,8 @@ for more information.
- Monitoring.
- Use **BLE** with caution.
- For v2.1 and later devices using **S**ecure **S**imple **P**airing (**SSP**),
- avoid using the "Just Works" association model. The device must verify that
- an authenticated link key was generated during pairing.
+ avoid using the "Just Works" association model. The device must verify that an
+ authenticated link key was generated during pairing.
<!-- section-config -->
@@ -157,10 +159,13 @@ Connectivity-Wireless-Bluetooth-5 | Anti-scanning | Used, inter alia, to slow do
<!-- end-section-config -->
-See [Low energy and the automotive transformation](http://www.ti.com/lit/wp/sway008/sway008.pdf),
-[Gattacking Bluetooth Smart Devices](http://gattack.io/whitepaper.pdf),
-[Comprehensive Experimental Analyses of Automotive Attack Surfaces](http://www.autosec.org/pubs/cars-usenixsec2011.pdf)
-and [With Low Energy comes Low Security](https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf)
+See [Low energy and the automotive
+transformation](http://www.ti.com/lit/wp/sway008/sway008.pdf), [Gattacking
+Bluetooth Smart Devices](http://gattack.io/whitepaper.pdf), [Comprehensive
+Experimental Analyses of Automotive Attack
+Surfaces](http://www.autosec.org/pubs/cars-usenixsec2011.pdf) and [With Low
+Energy comes Low
+Security](https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf)
for more information.
--------------------------------------------------------------------------------
@@ -177,7 +182,8 @@ for more information.
the service provider's real towers, it is considered a man-in-the-middle
(**MITM**) attack.
-- Lack of mutual authentication (**GPRS**/**EDGE**) and encryption with **GEA0**.
+- Lack of mutual authentication (**GPRS**/**EDGE**) and encryption with
+ **GEA0**.
- **Fall back** from **UMTS**/**HSPA** to **GPRS**/**EDGE** (Jamming against
**UMTS**/**HSPA**).
@@ -197,7 +203,8 @@ Connectivity-Wireless-Cellular-2 | UMTS/HSPA | Protected against Jamming.
<!-- end-section-config -->
-See [A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications](https://media.blackhat.com/bh-dc-11/Perez-Pico/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf)
+See [A practical attack against GPRS/EDGE/UMTS/HSPA mobile data
+communications](https://media.blackhat.com/bh-dc-11/Perez-Pico/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf)
for more information.
--------------------------------------------------------------------------------
@@ -234,7 +241,8 @@ Connectivity-Wireless-Radio-1 | RDS | Only audio output and meta concernin
### Recommendations
-- Should implements protection against relay and replay attacks (Tokens, etc...).
+- Should implements protection against relay and replay attacks (Tokens,
+ etc...).
- Disable unneeded and unapproved services and profiles.
- NFC should be use encrypted link (secure channel). A standard key agreement
protocol like Diffie-Hellmann based on RSA or Elliptic Curves could be applied