path: root/sec-blueprint/04-adversaries.md
blob: 8740ae5862d8b18637e9ebfc5d717b99da2c48a9 (plain)
This section lists some of the adversaries and attackers in the automotive domain.
## Enthusiast Attackers:
  Enthusiast attackers have physical access to the Engine Control
  Units (ECUs) at the circuit board level. They can solder ‘mod chips’
  onto the board and have access to probing tools. They also have
  information on ECUs that have been hacked previously and have
  access to software and instructions developed by other members
  of car modification forums. The goal of the enthusiast hacker
  could be, but is not limited to, adding extra horsepower to the
  car or hacking it just for fun.
 
## Corrupt Dealers:
  These are attackers that have access to the same capabilities as
  enthusiasts, but also have access to the car manufacturer's (OEM)
  dealer network. They may also have access to standard debugging
  tools provided by the car manufacturer. Their goal may be to support
  local car theft gangs or organized criminals.
 
## Organized Criminal:
  Organized Criminals have access to all of the above tools but may
  also have some level of control over the internal network at
  many dealerships. They may have hacked and gained temporary
  control of the Over-The-Air (OTA) servers or the In-Vehicle
  Infotainment (IVI) systems. This is very much like the role of
  organized criminals in other industries such as paid media today.
  Their goal is to extort money from OEMs and/or governments by
  threatening to disable multiple vehicles.
 
## Malware Developers:
  Malware Developers have developed malicious software to attack
  and compromise a large number of vehicles. The malicious software
  would usually be designed to spread from one vehicle to another.
  The goal usually is to take control of multiple machines and then sell
  access to them for malicious purposes like denial-of-service (DoS)
  attacks or stealing private information and data.
 
## Security Researchers:
  These attackers are ‘self-publicized’ security consultants trying
  to make a name for themselves. They have access to standard tools for
  software security analysis. They also have physical access to the
  vehicle and standard hardware debugging tools (Logic Analyzers,
  Oscilloscopes, etc.). Their goal is to publicize attacks for personal
  gain.