An attacker can intercept SMS messages sent or received from the vehicle. Through this technique, important information can be obtained. SMS is used for multi factor authentication.
Input capture is a technique that can intercept user input. The malware can pretend to be a legitimate keyboard app. The data entered, such as login information, can be intercepted.
Adversaries attempt to crack passwords, credentials, and encryption keys through trial and error. The attackers try multiple usernames, passwords, tokens and test a variety of combinations until they gain access to vehicles.
Attackers intercepting and potentially altering communications between two vehicle components or systems. This can lead to unauthorized access or manipulation of sensitive data, such as authentication credentials or command signals, compromising the integrity and security of the entire vehicle system.
This technique involves unauthorized activation of remote functionalities, such as remote start or unlocking. In the automotive domain, it could lead to theft or unauthorized access, while in rail, it might enable unsanctioned control or monitoring of train systems.
Attackers force a vehicle's communication system to revert to a less secure protocol, making it easier to exploit vulnerabilities.
Attackers can get to disable the immobilizer in a car by sending fake CAN messages.
An attacker can install an outdated firmware that has a valid signature, but has vulnerabilities.
Attackers can execute codes or malware, install tampered firmware by bypassing codes signing security mechanism. This is done by exploiting vulnerabilities such as "lack of verification", "obsolete certificates" or "insecure key management".
An attacker can exploit vulnerabilities in Securityaccess to gain unauthorized access to sensitive data, execute diagnostic commands, and make changes to ECU.