|Manipulate Environment||Initial Access||Execution||Persistence||Privilege Escalation||Defense Evasion||Credential Access||Discovery||Lateral Movement||Collection||Command and Control||Exfiltration||Affect Vehicle Function||Impact|
|Rogue Cellular Base Station||Drive-by Compromise||Command and Scripting Interpreter||Modify System Image||Exploit OS Vulnerability||Subvert Trust Controls||Adversary-in-the-Middle||Location Tracking||Exploitation of Remote Services||Adversary-in-the-Middle||Application Layer Protocol||Exfiltration Over C2 Channel||Unintended Vehicle Control Message||Loss of Availability|
|Rogue Wi-Fi Access Point||Exploit via Radio Interface||Command-Line Interface||Modify Trusted Execution Environment||Code Injection||Bypass Mandatory Access Control||Network Sniffing||Network Service Scanning||Exploit ECU for Lateral Movement||Access Personal Information||Non-Application Layer Protocol||Exfiltration Over Other Network Medium||Manipulation of CAN Bus Message||Loss of Control|
|Jamming or Denial of Service||Supply Chain Compromise||Native API||Abuse UDS for Persistence||Exploit TEE Vulnerability||Bypass UDS Security Access||Brute Force||System Network Connections Discovery||Abuse UDS for Lateral Movement||Access Vehicle Telemetry||Communication Through Removable Media||Exfiltration Over Physical Medium||Trigger System Function||Loss of Safety|
|Manipulate Device Communication||Deliver Malicious App||Hardware Fault Injection||Weaken Encryption||Unsecured Credentials||File and Directory Discovery||Abuse UDS for Collection||Receive-Only Communication Channel||Exfiltration Over Alternative Protocol||Denial of Control|
|ADAS Sensor Attack||Hardware Additions||Abuse Elevation Control Mechanism||OS Credential Dumping||Process Discovery||Data from Local System||Short-Range Wireless Communication||Exfiltration Over Web Service||Vehicle Content Theft|
|Downgrade to Insecure Protocols||Exploit via UDS||Disable or Modify System Firewall||Input Capture||Software Discovery||Capture SMS Messages||Cellular Communication||Transfer Data to Cloud Account|
|Exploit via Removable Media||Input Prompt||System Information Discovery||Capture Camera|
|Capture SMS Messages||System Network Connections Discovery||Capture Audio|
VicOne points out the following threat techniques that are not part of the MITRE ATT&CK framework and are unique to attacks targeting connected cars. As such, these are threat techniques that VicOne recommends for consideration by car OEMs when looking into automotive cyberattacks:
- ADAS Sensor Attack
- Exploit via UDS
- Bypass UDS Security Access
- Exploit ECU for Lateral Movement
- Access Vehicle Telemetry
- Unintended Vehicle Control Message
- Manipulation of CAN Bus Message
What unique insights can automotive attack mapping provide OEMs?
Mapping tactics and techniques used in automotive cyberattacks reveals the life cycle of a cyberattack on a connected car and how each stage of such an attack is conducted. This step-by-step breakdown gives car OEMs a unique glimpse into the mindset of an attacker by revealing their goals and chosen methods. With this knowledge, car OEMs can better integrate security into the earliest stages of connected car design and production, rather than adding it as an afterthought.
How did VicOne come up with this automotive attack mapping?
VicOne, through the expertise of Trend Micro and the research it conducted, used technical details from studies on car hacking to determine how attack chains were executed. It is important to note that none of these studies provides a complete step-by-step attack chain, which avoids the risk of giving cybercriminals actionable guides to compromising connected cars. Using reverse engineering and their programming experience, researchers were able to theorize and fill in any gaps in the attack chains.
Why are most of these tactics and techniques also applicable to the IT world?
Connected cars share hardware, software, and communication protocols with the IT industry. Thanks to its already rich development environment, the IT industry has supplied many of the technologies that connected vehicles need to function. More importantly, it has reduced the development costs of these vehicles by removing the need to create custom-built hardware and software. It is therefore not surprising that breaking down vehicle attack chains reveals threats uncannily like everyday IT cyberattacks.