Automotive cybersecurity threat vectors

Automotive Cybersecurity Threat Vectors

Threat identification is coming up with ways on how someone can attack a vehicle through its various inputs. In other words, how someone can hack into a vehicle. Drilling down to the most complex processes will help during the threat modeling phase. Anything that you can think of, should be noted and examined further.

Below is a list of possible entry points into a vehicles complex system. Updates on future entry points will continue to be updated on this page. Credits and resources will be shown below for additional reference material.

Please note that the below list is not the only way into a vehicles network. As new technology keeps coming out, new attack vectors are prone to be discovered. If you get a new idea on how you can dig deeper in a specific area we highly encourage you to do so to move the automotive Cybersecurity research even further. We appreciate everyone’s help. Keep turning those cyber wrenches.

  • Access the internal network remotely from any location (cellular)
  • Incoming call exploitation in infotainment (cellular)
  • Subscriber Identity Module (SIM) exploitation in infotainment (cellular/local)
  • Remote diagnostic system exploitation (eg. OnStar) (cellular)
  • Cellular communication eavesdropping (cellular)
  • Jamming cellular communication (cellular)
  • Global Position System (GPS) tracking (cellular)
  • Access vehicle network (Wi-Fi)
  • Find exploits in software for call connections (Wi-Fi)
  • Malicious code execution on infotainment unit
  • Crack Wi-Fi password
  • Intercepting Wi-Fi communication
  • Key Fob malformed packets
  • Actively probing an immobilized to drain car battery
  • Drain key fob battery
  • Lock user out of vehicle
  • Stealing cryptographic keys during key fob handshake process
  • Brute-force key fob algorithm
  • Clone key fob
  • Jam key fob
  • Sending faults to ECU
  • Trick ECU into overcorrecting for spoofed road conditions
  • Alter TPMS receiver giving users false warnings
  • TPMS tracking
  • TPMS spoofing
  • Put infotainment console in debug mode
  • Alter infotainment diagnostic settings
  • Malicious code execution in infotainment unit locally
  • Hop from infotainment unit to CAN bus network

Similar Posts