Rail Threat Matrix | VATT&EK

Case Study - Rail

Rail Case Study 01 153

Manipulate Environment

Downgrade Attacks via Rogue Base station

ATE-001
Rogue Cellular Base Station

ATE-002
GNSS Attacks

ATE-004
GNSS Spoofing Attacks

ATE-004.01
GNSS Jamming

ATE-004.02
Sybil Attack

ATE-005
Camera Attacks

ATE-006
General Attacks on Camera Systems

ATE-006.01
Camera Feature Attacks

ATE-006.02
Blinding the Camera

ATE-006.03
LiDAR Attacks

ATE-007
LiDAR Replay Attacks

ATE-007.01
LiDAR Relaying Attack

ATE-007.02
LiDAR Spoofing Attacks

ATE-007.03
LiDAR Jamming / Saturation Attack

ATE-007.04
Spoofing FMCW Radar

ATE-008
Black Hole Attacks

ATE-009
TPMS Attacks

ATE-010
TPMS Jamming

ATE-010.01
TPMS Spoofing

ATE-010.02

Initial Access

Radio Data System (RDS) Attacks

ATE-012
Malicious SMS
32

ATE-013
Exploitation of Wi-Fi Stack

ATE-014
Gain access to Wi-Fi Hotspot

ATE-015
Exploitation via Bluetooth

ATE-016
Exploitation via C-V2X

ATE-017
Exploitation via DSRC

ATE-018
Exploitation via Repair Shop/Garage/Factory

ATE-019
Exploitation of OBD Dongles

ATE-020
Hardware addition

ATE-021
Physical Access (CAN-Injection)
35

ATE-021.01
Connect device network via USB-Ethernet
33

ATE-021.02
Code Execution via USB

ATE-021.03
Code Execution via SD Card

ATE-021.04
Code Execution via CD

ATE-021.05
Exploitation via OBD Interface
33

ATE-022
Supply Chain Compromise

ATE-023
Unsecured Web APIs

ATE-024
Hacking in-vehicle apps

ATE-025
Malicious App Delivery

ATE-026
Drive-by Compromise

ATE-027
Exploitation via charging station

ATE-028
Keyless Go Attacks

ATE-029
Replay Attack

ATE-029.01
Relay Attack

ATE-029.02
Roll Jam Attack

ATE-029.03
Roll Back Attack

ATE-029.04
Exfiltration via Removable Media

ATE-079

Execution

Command and Scripting Interpreter

ATE-034
Inter-process Communication: D-Bus
31

ATE-035
Native API

ATE-036
Scheduled Task/Job

ATE-037
User Execution

ATE-038

Persistence

Persistence via Credentials

ATE-039
Firmware Installation - Reprogram ECU

ATE-040
Modify OS Kernel, Boot / System Partition

ATE-041
Modify TEE

ATE-042

Privilege Escalation

Exploit Application Vulnerability

ATE-043
Exploit OS Vulnerability

ATE-044
Hardware Fault Injection

ATE-045
Reprogram ECU for privilege escalation
31

ATE-047

Defense Evasion

Bypass SecurityAccess

ATE-048
Bypass Code Signing Check
33

ATE-049
Firmware Installation - Reprogram ECU: Downgrade

ATE-050
Deactivate Immobilizer
35

ATE-051
Downgrade to insecure protocol

ATE-052
Enable Remote Functions
32

ATE-053

Credential Access

Discovery

Lateral Movement

Exploitation of Remote Services
33

ATE-065
Remote Services

ATE-066
Replication Through Removable Media

ATE-067
Exploit ECU for Lateral Movement

ATE-068
Bridge Vehicle Networks

ATE-069

Collection

Command and Control

C2 via SMS

ATE-074
C2 via Short Range Wireless Communication

ATE-075
C2 via Mid Range Wireless Communication

ATE-076
C2 via Wide Range Wireless Communication

ATE-077

Exfiltration

Exfiltration via Memory mapped Registers

ATE-078
Exfiltration via SMS

ATE-080
Exfiltration via C-V2X

ATE-081
Exfiltration via DSRC

ATE-082

Affect Vehicle Function

Control Horn

ATE-083
Control HVAC

ATE-084
Control Engine

ATE-085
Control Doors
32, 35

ATE-086
Control Lights
31

ATE-087
Control Airbag
31

ATE-088
Control Windows

ATE-089
Speed control

ATE-090
Manipulate Passenger Information System

ATE-093
Control Instrument Panel Cluster (IPC)

ATE-094
Denial of Service

ATE-095

Impact

Denial of Control

ATE-098
Denial of View

ATE-099
Loss of Control

ATE-100
Enable premium features

ATE-101
Chip Tuning

ATE-102
Odometer fraud

ATE-103
Vehicle Theft

ATE-104