Manipulate Environment

Manipulate Environment

Domain
Automotive
Technique-ID Title Description
ATE-001 Downgrade Attacks via Rogue Base station

Downgrade attacks, especially in the context of Rogue Cellular Base Station (RBS), involve forcing a device to connect to a less secure network or protocol, making it easier for attackers to exploit vulnerabilities, intercept communications, or attacking privacy.

ATE-002 Rogue Cellular Base Station

In 4G networks, RBSs or International Mobile Subscriber Identity (IMSI) catchers targeting the IMSIs of User Equipment (UE) during the initial attachment process. Once an IMSI is stolen, subscriber privacy can be severely compromised. Man-in-the-Middle (MitM) attacks are common, where a malicious third party's RBS masquerades as a genuine network's BS. In 5G Cellular Vehicle to Everything (C-V2X) autonomous platooning scenarios, attackers deploy RBS near roads. By overpowering legitimate signals, the RBS hijacks platoon communications.
This unauthorized control can mislead autonomous vehicles, leading to potential traffic disruptions or major incidents. An undetected RBS can lead to DoS attacks and subscriber privacy breaches.

ATE-004 GNSS Attacks

NA

ATE-004.01 GNSS Spoofing Attacks

GNSS Spoofing Attacks deceive receivers by transmitting counterfeit GNSS signals. The spoofing signals must match the authentic signals, Pseudo Random Noise (PRN) code sequence and frequency. The number of spoofed satellites usually equals the number of authentic signals. The navigation data bit stream structure remains the same, but content can be manipulated. The initial carrier phase alignment between spoofed and authentic signals is challenging, requiring precise relative positioning.

ATE-004.02 GNSS Jamming

GNSS Jamming involves transmitting high-power signals to GNSS receivers, exploiting theweaker satellite signals that reach the ground. Jammers can degrade the carrier-to-noise ratio (C/N 0) of the victim receiver or even cause it to "unlock."

ATE-005 Sybil Attack

In a Sybil attack, a malicious node illegitimately claims multiple identities and simultaneously exploits these fake identities to disturb the functionality of the Vehicular Ad Hoc Networks (VANET) by disseminating false information. In the presence of a Sybil node, any kind of attack can be launched on the VANET.

ATE-006 Camera Attacks

NA

ATE-006.01 General Attacks on Camera Systems

Cameras in ITS can detect traffic signs, delineation, or objects. These can be attacked in various ways: Traffic Sign Detection, can be fooled by placing fake traffic signs at improper locations or by hiding traffic signs with other shapes/colors to confuse the detection algorithms. Lane Detection can be confused by painting additional lines on the road or using different colors. Object Tracking is limited due to computational power or resolution. A denial of service can be caused by presenting too many objects to track. Deep Neural Networks (DNNs), which are used in camera software, can be easily fooled by images that are unrecognizable to humans but are recognized by DNNs with high confidence.

ATE-006.02 Camera Feature Attacks

Cameras have features like automatic exposure controls, auto-focus, and light-sensitivity. These can be targeted in attacks. Cameras normalize lighting conditions iteratively. Directing light at the image sensor can cause the camera to tune down its sensitivity and exposure, leading to undesired effects. For instance, auto exposure tuning down due to headlights at night could hide information in the background, such as traffic signs or pedestrians. The Google Driverless Car has been noted to be susceptible to this problem. These attacks are aiming to influence the camera's auto controls in the period before the image recovers and stabilizes. It's harder to detect because it consists of bursts of light instead of a constant beam. The longer it takes for the image to stabilize, the longer the car is vulnerable to undetected objects. This attack is different from situations like driving out of a tunnel, where the camera can adapt more gradually to new conditions.

ATE-006.03 Blinding the Camera

Fully or partially blind the camera by emitting light into it to hide objects. Not detecting objects like speed limit signs or traffic lights can jeopardize safety. Blinding occurs when the camera can't adjust the auto exposure or gain anymore, resulting in an overexposed image. The effectiveness of the blinding attack depends on three variables: Environmental light (brighter environments require more light to blind the camera), the light source used for blinding (i.e., wavelength), the distance between the light source and the camera. The attack involves using commodity hardware like a laser pointer or cheap LEDs. The effectiveness of the attack is assessed using the tonal distribution, representing the distribution of the number of pixels per grayscale value.

ATE-007 LiDAR Attacks

LiDAR systems emit light pulses and measures their reflection time for vehicle environment perception. The earlier LiDAR receives the signal, the closer the object will appear. The primary goal of LiDAR attacks is to introduce noise, create fake echos, or generate fake objects.

ATE-007.01 LiDAR Replay Attacks

LiDAR Replay Attacks captures legitimate LiDAR signals and re-transmits them to deceive the system.

ATE-007.02 LiDAR Relaying Attack

LiDAR Relaying Attack is an extension of the replay attack. The attack aims to to relay the original signal sent from the target vehicle's LiDAR from a different position, creating fake echos. This can make real objects appear closer or further than their actual locations. A relay attack is most likely to be executed from the road side, where an attacker might receive LiDAR signals from vehicles and relay them to another vehicle located elsewhere.

ATE-007.03 LiDAR Spoofing Attacks

LiDAR Spoofing Attacks builds on the relay attack and exploit the system's light pulse mechanism to manipulate perceived object distances in ITS. By injecting counterfeit signals and controlling parameters like delay and pulse sequences, attackers can create illusions of objects at varying distances. This technique can deceive the vehicle's sensors, presenting significant vulnerabilities in the safety and functionality of ITS.

ATE-007.04 LiDAR Jamming / Saturation Attack

By illuminating the LiDAR with a strong light of the same wavelength , attackers can effectively "erase" existing objects in the sensed output of the LiDAR. This means that the LiDAR would not be able to detect certain objects, potentially leading to hazardous situations. 

ATE-008 Spoofing FMCW Radar

FMCW radars emit electromagnetic waves and measure reflections to determine object distances and velocities. An attacker vehicle is positioned in front of the victims vehicle. The attacker uses a modified radar system, transmitting a powerful signal that overpowers the real reflected signal. The attacker's radar measures the true relative distance and velocity from the victim's vehicle to execute the attack.

ATE-009 Black Hole Attacks

Black Hole Attacks in VANET involve malicious vehicles that drop all received packets instead of forwarding them. The objectives of these attacks are to inhibit the forwarding of packets from one vehicle to its neighboring "destination node", prevent the reception of packets from other vehicles, and disrupt the overall communication network, thereby posing significant threats to the safety and functionality of self-driving  ITS.

ATE-010 TPMS Attacks

NA

ATE-010.01 TPMS Jamming

The significant communication range of TPMS messages is approx 10 meters from the ITS with a basic antenna, and up to 40 meters with an low noise amplifier. Attackers can interfere with or jam these TPMS message transmissions from a distance.

ATE-010.02 TPMS Spoofing

The TPMS communications are based on standard modulation schemes and simple protocols without cryptographic mechanisms. The in-vehicle system appears to fully trust all received messages, lacking basic security practices like input validation. This makes spoofing attacks feasible, allowing adversaries to send counterfeit messages, causing the TPMS to malfunction. Transmissions can be spoofed from the roadside or a nearby vehicle.