Defense Evasion
The adversary is trying to avoid being detected.
Technique-ID | Title | Description |
---|---|---|
ATE-048 | Bypass SecurityAccess |
An attacker can exploit vulnerabilities in Securityaccess to gain unauthorized access to sensitive data, execute diagnostic commands, and make changes to ECU. |
ATE-049 | Bypass Code Signing Check |
Attackers can execute codes or malware, install tampered firmware by bypassing codes signing security mechanism. This is done by exploiting vulnerabilities such as "lack of verification", "obsolete certificates" or "insecure key management". |
ATE-050 | Firmware Installation - Reprogram ECU: Downgrade |
An attacker can install an outdated firmware that has a valid signature, but has vulnerabilities. |
ATE-051 | Deactivate Immobilizer |
Attackers can get to disable the immobilizer in a car by sending fake CAN messages. |
ATE-052 | Downgrade to insecure protocol |
Attackers force a vehicle's communication system to revert to a less secure protocol, making it easier to exploit vulnerabilities. |
ATE-053 | Enable Remote Functions |
This technique involves unauthorized activation of remote functionalities, such as remote start or unlocking. In the automotive domain, it could lead to theft or unauthorized access, while in rail, it might enable unsanctioned control or monitoring of train systems. |