In previous posts, we talked about what threatens the owners of connected cars and discussed ways to hack such vehicles. In this post, we will discuss the generalized hacking method and the threat model for smart vehicles, both resulting from the third part of our study, Driving Security Into Connected Cars: Threat Model and Recommendations.
Generalized remote hacking method
Jeep Cherokee, BMW Tesla. , , , CAN- .
:
β Wi-Fiβ. « » (MitM) , Wi-Fi.
, - . . , .
- -, , WebKit. , Linux shell .
, shell, , . root- . Linux, , , .
, , , . CAN- , , CAN- . , .
, . «» , .
, CAN- . / CAN-. , CAN- CAN-.
CAN- ID CAN-, .
, , . . .
, (Intelligent Transportation System, ITS). , , - / . :
V2X, ;
V2X, ;
ITS;
MitM- ITS;
ITS;
/ ;
ITS;
MitM- ;
, ;
;
CAN;
«» ;
- ;
;
;
, ;
;
;
;
Shodan;
, , RDS-TMC, «» .
« » (DDoS) ITS;
DDoS- ITS;
;
;
, , SQL-, (XSS), DNS;
V2X;
;
V2X .
β , V2X- ITS ITS. , , β , .
.
, , , . , .
. DREAD, :
(Damage potential): , ?
(Reproducibility): ?
(Exploitability): ?
(Affected users): ?
(Discoverability): , ?
, , .
, DREAD . :
, 12 15;
β 8 11;
β 5 7.
DREAD, . , , .
, :
29 66% , 17% β 17% β .
, , , , , , .
. , / , β .
.
DDoS Shodan .
-, , , ITS, V2X, . , , .
ITS . , , .
ITS, V2X, . , , . , , , , SaaS, , . , ITS , , .