What is automotive attack mapping?

With automotive attack mapping, VicOne breaks down the cyberattack life cycle into its component stages to provide a simulation of an automotive attack. By understanding what attackers are trying to achieve and their attack methods, security analysts can gain a clear picture of the attack scope and implement necessary remediation and improvement plans.

Given the key role in IT security of MITRE ATT&CK® as a curated knowledge base of adversarial tactics, techniques, and procedures (TTPs), and in turn the role of IT security in the automotive industry, VicOne highlights tactics and techniques in the MITRE ATT&CK framework that are also applicable to cyberattacks on connected vehicles.


Manipulate Environment Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Affect Vehicle Function Impact
Rogue Cellular Base Station Drive-by Compromise Command and Scripting Interpreter Modify System Image Exploit OS Vulnerability Subvert Trust Controls Adversary-in-the-Middle Location Tracking Exploitation of Remote Services Adversary-in-the-Middle Application Layer Protocol Exfiltration Over C2 Channel Unintended Vehicle Control Message Loss of Availability
Rogue Wi-Fi Access Point Exploit via Radio Interface Command-Line Interface Modify Trusted Execution Environment Code Injection Bypass Mandatory Access Control Network Sniffing Network Service Scanning Exploit ECU for Lateral Movement Access Personal Information Non-Application Layer Protocol Exfiltration Over Other Network Medium Manipulation of CAN Bus Message Loss of Control
Jamming or Denial of Service Supply Chain Compromise Native API Abuse UDS for Persistence Exploit TEE Vulnerability Bypass UDS Security Access Brute Force System Network Connections Discovery Abuse UDS for Lateral Movement Access Vehicle Telemetry Communication Through Removable Media Exfiltration Over Physical Medium Trigger System Function Loss of Safety
Manipulate Device Communication Deliver Malicious App     Hardware Fault Injection Weaken Encryption Unsecured Credentials File and Directory Discovery   Abuse UDS for Collection Receive-Only Communication Channel Exfiltration Over Alternative Protocol   Denial of Control
ADAS Sensor Attack Hardware Additions       Abuse Elevation Control Mechanism OS Credential Dumping Process Discovery   Data from Local System Short-Range Wireless Communication Exfiltration Over Web Service   Vehicle Content Theft
Downgrade to Insecure Protocols Exploit via UDS       Disable or Modify System Firewall Input Capture Software Discovery   Capture SMS Messages Cellular Communication Transfer Data to Cloud Account    
  Exploit via Removable Media         Input Prompt System Information Discovery   Capture Camera        
            Capture SMS Messages System Network Connections Discovery   Capture Audio        

From MITRE ATT&CK Mobile
From MITRE ATT&CK Enterprise
From MITRE ATT&CK ICS
From VicOne
(with some terminology adopted from Auto-ISAC Auto Threat Matrix)

VicOne points out the following threat techniques that are not part of the MITRE ATT&CK framework and are unique to attacks targeting connected cars. As such, these are threat techniques that VicOne recommends for consideration by car OEMs when looking into automotive cyberattacks:

  • ADAS Sensor Attack
  • Exploit via UDS
  • Bypass UDS Security Access
  • Exploit ECU for Lateral Movement
  • Access Vehicle Telemetry
  • Unintended Vehicle Control Message
  • Manipulation of CAN Bus Message

What unique insights can automotive attack mapping provide OEMs?

Mapping tactics and techniques used in automotive cyberattacks reveals the life cycle of a cyberattack on a connected car and how each stage of such an attack is conducted. This step-by-step breakdown gives car OEMs a unique glimpse into the mindset of an attacker by revealing their goals and chosen methods. With this knowledge, car OEMs can better integrate security into the earliest stages of connected car design and production, rather than adding it as an afterthought.


Request a Demo

Learn More



Know More From Our Resources

Gain Insights Into Automotive Cybersecurity

View More

Accelerate Your Automotive Cybersecurity Journey Today

Request a Demo