diff options
| author |   Hammad Ahmed <hammad.ahmed@irdeto.com> | 2017-07-03 15:44:59 -0400 |
|---|---|---|
| committer | Hammad Ahmed <hammad.ahmed@irdeto.com> | 2017-07-17 09:13:49 -0400 |
| commit | 959b34029e83788121947eb04291a65458034d68 (patch) | |
| tree | cc2fe52f6c7fc415478632fb5d92aedb862f260e /sec-blueprint/02-adversaries.md | |
| parent | 9db4c56e0fcdda4496f1f249232de8117f3ae11c (diff) | |
Update AGL security blueprint
Diffstat (limited to 'sec-blueprint/02-adversaries.md')
| -rw-r--r-- | sec-blueprint/02-adversaries.md | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/sec-blueprint/02-adversaries.md b/sec-blueprint/02-adversaries.md new file mode 100644 index 0000000..3ece5bb --- /dev/null +++ b/sec-blueprint/02-adversaries.md @@ -0,0 +1,62 @@ +--- + +title : Adversaries +date : 2017-07-07 +category: security +tags: security, architecture, automotive, linux +layout: techdoc + +--- + +**Table of Content** + +1. TOC +{:toc} + +This section lists some of the adversaries and attackers within the +Automotive space + +# Enthusiast Attackers + Enthusiast attackers have physical access to the Engine Control + Units (ECUs) at the circuit board level. They can solder ‘mod chips’ + onto the board and have access to probing tools. They also have + information on ECUs that have been previously compromised and have + access to softwares and instructions developed by other members + of car modification forums. The goal of the enthusiast hacker + could be, but is not limited to, adding extra horse power to the + car or hacking it just for fun. + +# Corrupt Automotive Dealers + Corrupt automitive dealers are attackers that have access to the + same capabilities as enthusiasts, but also have access to the car + manufacturer's (OEM) dealer network. They may also have access to + standard debugging tools provided by the car manufacturer. Their + goal may be to support local car theft gangs or organized criminals. + +# Organized Criminals + Organized criminals have access to all of the above tools but may + also have some level of control over the internal network at + many dealerships. They may have hacked and gained temporary + control of the Over-The-Air (OTA) servers or the In-Vehicle + Infotainment (IVI) systems. This is very much like the role of + organized criminals in other industries such as paid media today. + Their goal is to extort money from OEMs and/or governments by + threatening to disable multiple vehicles. + +# Malware Developers + Malware developers have developed malicious software to attack + and compromise a large number of vehicles. The malicious software + is usually designed to spread from one vehicle to another. + Usually, the goal is to take control of multiple machines and then sell + access to them for malicious purposes like denial-of-service (DoS) + attacks or theft of private information and data. + +# Security Researchers + Security researchers are ‘self-publicized’ security consultants trying + to make a name for themselves. They have access to standard tools for + software security analysis. They also have physical access to the + vehicle and standard hardware debugging tools (Logic Analyzers, + Oscilloscopes, etc). Their goal is to publicize attacks for personal + gain or just to gain personal understanding with a sense of helping make + things more secure. + |