summaryrefslogtreecommitdiffstats
path: root/sec-blueprint/04-adversaries.md
diff options
context:
space:
mode:
Diffstat (limited to 'sec-blueprint/04-adversaries.md')
-rw-r--r--sec-blueprint/04-adversaries.md19
1 files changed, 12 insertions, 7 deletions
diff --git a/sec-blueprint/04-adversaries.md b/sec-blueprint/04-adversaries.md
index 8740ae5..1dd4758 100644
--- a/sec-blueprint/04-adversaries.md
+++ b/sec-blueprint/04-adversaries.md
@@ -1,5 +1,7 @@
This section lists some of the adversaries and attackers in Automotive.
-## Enthusiast Attackers:
+
+## Enthusiast Attackers
+
Enthusiast attackers have physical access to the Engine Control
Units (ECUs) at the circuit board level. They can solder ‘mod chips’
onto the board and have access to probing tools. They also have
@@ -9,14 +11,16 @@ This section lists some of the adversaries and attackers in Automotive.
could be, but is not limited to, adding extra horse power to the
car or hacking it just for fun.
-## Corrupt Dealers:
+## Corrupt Dealers
+
These are attackers that have access to the same capabilities as
enthusiasts, but also have access to the car manufacturer's (OEM)
dealer network. They may also have access to standard debugging
tools provided by the car manufacturer. Their goal may be to support
local car theft gangs or organized criminals.
-## Organized Criminal:
+## Organized Criminal
+
Organized Criminals have access to all of the above tools but may
also have some level of control over the internal network at
many dealerships. They may have hacked and gained temporary
@@ -26,7 +30,8 @@ This section lists some of the adversaries and attackers in Automotive.
Their goal is to extort money from an OEMs and/or governments by
threatening to disable multiple vehicles.
-## Malware Developers:
+## Malware Developers
+
Malware Developers have developed malicious software to attach
and compromise a large number of vehicle. The malicious software
would usually be designed spread from one vehicle to another.
@@ -34,11 +39,11 @@ This section lists some of the adversaries and attackers in Automotive.
access to them for malicious purposes like denial-of-service (DoS)
attacks or stealing private information and data.
-## Security Researchers:
+## Security Researchers
+
These attackers are ‘self-publicized’ security consultants trying
to make a name for themselves. They have access standard tools for
software security analysis. They also have physical access to the
vehicle and standard hardware debugging tools (Logic Analyzers,
Oscilloscopes, etc). Their goal is to publicize attacks for personal
- gains.
-
+ gains. \ No newline at end of file