Defense Evasion

The adversary is trying to avoid being detected.

Domain
Automotive
Rail
Technique-ID Title Description
ATE-048 Bypass SecurityAccess

An attacker can exploit vulnerabilities in Securityaccess to gain unauthorized access to sensitive data, execute diagnostic commands, and make changes to ECU.

ATE-049 Bypass Code Signing Check

Attackers can execute codes or malware, install tampered firmware by bypassing codes signing security mechanism.  This is done by exploiting vulnerabilities such as "lack of verification", "obsolete certificates" or "insecure key management".

ATE-050 Firmware Installation - Reprogram ECU: Downgrade

An attacker can install an outdated firmware that has a valid signature, but has vulnerabilities.

ATE-051 Deactivate Immobilizer

Attackers can get to disable the immobilizer in a car by sending fake CAN messages.

ATE-052 Downgrade to insecure protocol

Attackers force a vehicle's communication system to revert to a less secure protocol, making it easier to exploit vulnerabilities.

ATE-053 Enable Remote Functions

This technique involves unauthorized activation of remote functionalities, such as remote start or unlocking. In the automotive domain, it could lead to theft or unauthorized access, while in rail, it might enable unsanctioned control or monitoring of train systems.