Techniques

TID Name Description
ATE-001 Downgrade Attacks via Rogue Base station

Downgrade attacks, especially in the context of a Rogue Cellular Base Station (RBS), involve forcing a device to connect to a less secure network or protocol, making it easier for attackers to exploit vulnerabilities, intercept communications, or attack privacy.

ATE-002 Rogue Cellular Base Station

In 4G networks, RBSs or International Mobile Subscriber Identity (IMSI) catchers target the IMSIs of User Equipment (UE) during the initial attachment process. Once an IMSI is stolen, subscriber privacy can be severely compromised. Man-in-the-Middle (MitM) attacks are common, where a malicious third party's RBS masquerades as a genuine network's BS. In 5G Cellular Vehicle to Everything (C-V2X) autonomous platooning scenarios, attackers deploy an RBS near roads. By overpowering legitimate signals, the RBS hijacks platoon communications.
This unauthorized control can mislead autonomous vehicles, leading to potential traffic disruptions or major incidents. An undetected RBS can lead to DoS attacks and subscriber privacy breaches.

ATE-004 GNSS Attacks

NA

ATE-004.01 GNSS Spoofing Attacks

GNSS Spoofing Attacks deceive receivers by transmitting counterfeit GNSS signals. The spoofing signals must match the authentic signals' Pseudo Random Noise (PRN) code sequence and frequency. The number of spoofed satellites usually equals the number of authentic signals. The navigation data bit stream structure remains the same, but the content can be manipulated. The initial carrier phase alignment between spoofed and authentic signals is challenging, requiring precise relative positioning.

ATE-004.02 GNSS Jamming

GNSS Jamming involves transmitting high-power signals to GNSS receivers, exploiting the weaker satellite signals that reach the ground. Jammers can degrade the carrier-to-noise ratio (C/N0) of the victim receiver or even cause it to "unlock."

ATE-005 Sybil Attack

In a Sybil attack, a malicious node illegitimately claims multiple identities and simultaneously exploits these fake identities to disturb the functionality of the Vehicular Ad Hoc Network (VANET) by disseminating false information. In the presence of a Sybil node, any kind of attack can be launched on the VANET.

ATE-006 Camera Attacks

NA

ATE-006.01 General Attacks on Camera Systems

Cameras in ITS can detect traffic signs, delineation, or objects. These can be attacked in various ways: Traffic Sign Detection can be fooled by placing fake traffic signs at improper locations or by hiding traffic signs with other shapes/colors to confuse the detection algorithms. Lane Detection can be confused by painting additional lines on the road or using different colors. Object Tracking is limited by computational power or resolution, so a denial of service can be caused by presenting too many objects to track. Deep Neural Networks (DNNs), which are used in camera software, can be easily fooled by images that are unrecognizable to humans but are recognized by DNNs with high confidence.

ATE-006.02 Camera Feature Attacks

Cameras have features like automatic exposure control, auto-focus, and light sensitivity. These can be targeted in attacks. Cameras normalize lighting conditions iteratively. Directing light at the image sensor can cause the camera to tune down its sensitivity and exposure, leading to undesired effects. For instance, auto exposure tuning down due to headlights at night could hide information in the background, such as traffic signs or pedestrians. The Google Driverless Car has been noted to be susceptible to this problem. These attacks aim to influence the camera's auto controls in the period before the image recovers and stabilizes. They are harder to detect because they consist of bursts of light instead of a constant beam. The longer it takes for the image to stabilize, the longer the car is vulnerable to undetected objects. This attack is different from situations like driving out of a tunnel, where the camera can adapt more gradually to new conditions.

ATE-006.03 Blinding the Camera

Attackers fully or partially blind the camera by emitting light into it to hide objects. Not detecting objects like speed limit signs or traffic lights can jeopardize safety. Blinding occurs when the camera can't adjust the auto exposure or gain anymore, resulting in an overexposed image. The effectiveness of the blinding attack depends on three variables: environmental light (brighter environments require more light to blind the camera), the light source used for blinding (i.e., wavelength), and the distance between the light source and the camera. The attack involves using commodity hardware like a laser pointer or cheap LEDs. The effectiveness of the attack is assessed using the tonal distribution, representing the distribution of the number of pixels per grayscale value.

ATE-007 LiDAR Attacks

LiDAR systems emit light pulses and measure their reflection time for vehicle environment perception. The earlier the LiDAR receives the signal, the closer the object will appear. The primary goal of LiDAR attacks is to introduce noise, create fake echoes, or generate fake objects.

ATE-007.01 LiDAR Replay Attacks

LiDAR Replay Attacks capture legitimate LiDAR signals and re-transmit them to deceive the system.

ATE-007.02 LiDAR Relaying Attack

The LiDAR Relaying Attack is an extension of the replay attack. The attack aims to relay the original signal sent from the target vehicle's LiDAR from a different position, creating fake echoes. This can make real objects appear closer or further than their actual locations. A relay attack is most likely to be executed from the roadside, where an attacker might receive LiDAR signals from vehicles and relay them to another vehicle located elsewhere.

ATE-007.03 LiDAR Spoofing Attacks

LiDAR Spoofing Attacks build on the relay attack and exploit the system's light pulse mechanism to manipulate perceived object distances in ITS. By injecting counterfeit signals and controlling parameters like delay and pulse sequences, attackers can create illusions of objects at varying distances. This technique can deceive the vehicle's sensors, presenting significant vulnerabilities in the safety and functionality of ITS.

ATE-008 Spoofing FMCW Radar

FMCW radars emit electromagnetic waves and measure reflections to determine object distances and velocities. An attacker vehicle is positioned in front of the victim's vehicle. The attacker uses a modified radar system, transmitting a powerful signal that overpowers the real reflected signal. The attacker's radar measures the true relative distance and velocity from the victim's vehicle to execute the attack.

ATE-009 Black Hole Attacks

Black Hole Attacks in VANET involve malicious vehicles that drop all received packets instead of forwarding them. The objectives of these attacks are to inhibit the forwarding of packets from one vehicle to its neighboring "destination node", prevent the reception of packets from other vehicles, and disrupt the overall communication network, thereby posing significant threats to the safety and functionality of self-driving ITS.

ATE-010 TPMS Attacks

NA

ATE-010.01 TPMS Jamming

The communication range of TPMS messages is significant: approximately 10 meters from the ITS with a basic antenna, and up to 40 meters with a low-noise amplifier. Attackers can interfere with or jam these TPMS message transmissions from a distance.

ATE-010.02 TPMS Spoofing

The TPMS communications are based on standard modulation schemes and simple protocols without cryptographic mechanisms. The in-vehicle system appears to fully trust all received messages, lacking basic security practices like input validation. This makes spoofing attacks feasible, allowing adversaries to send counterfeit messages, causing the TPMS to malfunction. Transmissions can be spoofed from the roadside or a nearby vehicle.

ATE-011 Attacks on Road Side Units/Balise

This technique focuses on compromising or manipulating RSUs/Balises and thus the communication and data exchange between vehicles and the infrastructure elements. Such attacks can disrupt the normal functioning of a vehicle by feeding it misleading information or by blocking essential signals, potentially leading to unsafe conditions or operational inefficiencies.

ATE-012 Radio Data System (RDS) Attacks

RDS Attacks involve tricking victims into installing a benign-looking app that uses the RDS interface. Initially, this app exhibits no malicious behavior. Post-installation, the app dynamically downloads a backdoor, reassembling RDS packets to execute the payload. The exploit remains undetected as antiviruses can't scan runtime downloads. The attack bypasses Android's security checks of the vehicle's infotainment system, exploiting vulnerabilities in the FM Radio API.

ATE-013 Malicious SMS

An attacker can unlock a car and control other critical functions through malicious SMS.

ATE-014 Exploitation of Wi-Fi Stack

Attackers target vulnerabilities within the vehicle's Wi-Fi communication stack, gaining unauthorized access or control.

ATE-015 Gain access to Wi-Fi Hotspot

Attackers exploit vulnerabilities or weak configurations in a vehicle's onboard Wi-Fi system.

ATE-016 Exploitation via Bluetooth

Vulnerabilities in the Bluetooth stack may allow an attacker to execute code and gain access to the system.

ATE-017 Exploitation via C-V2X

Attackers target vulnerabilities within the vehicle's C-V2X communication system, which facilitates information exchange between vehicles and infrastructure. This could potentially also compromise safety and traffic management systems.

ATE-018 Exploitation via DSRC

Attackers target vulnerabilities within the vehicle's DSRC system, used for V2V and V2I communications. Attackers can interfere with critical safety functions and traffic coordination.

ATE-019 Exploitation via Repair Shop/Garage/Factory

Attackers leverage compromised systems within vehicle repair shops, garages, or factories. By exploiting these vulnerabilities, attackers can gain unauthorized access to the vehicle's systems, allowing them to introduce and execute malicious software.

ATE-020 Exploitation of OBD Dongles

An OBD dongle connects to a vehicle's OBD interface. This interface is present in all modern automotive vehicles and is used for vehicle diagnosis and monitoring. Dongles can communicate via Wi-Fi, Bluetooth, LTE, or 5G and can be accessed from the Internet. An attacker could transfer malicious software to the OBD dongle to later gain access to the vehicle or compromise the control units.

ATE-021 Hardware addition

NA

ATE-021.01 Physical Access (CAN-Injection)

An attacker plugs his own hardware into the system or network as a "theft device".

ATE-021.02 Connect device network via USB-Ethernet

An attacker can plug in a USB flash drive that acts like a LAN cable to gain Ethernet access to the system.

ATE-021.03 Code Execution via USB

Malicious code or malware runs when a USB device or memory card is connected. Many computers and devices are configured to automatically run software after connecting a USB device or memory card. The malicious code is executed and attackers can then gain access to a system.

ATE-021.04 Code Execution via SD Card

Attackers introduce malicious code into a vehicle's system through an infected SD card, commonly used in navigation or infotainment systems.

ATE-021.05 Code Execution via CD

Attackers exploit vulnerabilities by inserting a CD with malicious code into the vehicle's audio or infotainment system, potentially gaining unauthorized access to connected systems.

ATE-022 Exploitation via OBD Interface

The OBD interface is a physical or wireless interface usually used by authorized mechanics or diagnostic equipment to access the vehicle's diagnostic data. Attackers can connect devices to the OBD interface and access and manipulate the vehicle's ECUs to introduce malicious software into the vehicle. This allows attackers to gain access later and even control the vehicle remotely.

ATE-023 Supply Chain Compromise

Products, software, and workflows are initially infected or counterfeited. They are manipulated before reaching the end consumer and are then utilized to gain access to control systems. The ultimate objective is to compromise data or systems once infected products enter the target environment.

ATE-024 Unsecured Web APIs

The increasing use of APIs in vehicle systems provides entry points for adversaries. Unsecured APIs provide opportunities for adversaries to exploit them.

ATE-025 Hacking in-vehicle apps

Adversaries exploit vulnerabilities or security gaps in the software applications integrated into a vehicle. These can be web browsers, multimedia applications, or navigation apps.

ATE-026 Malicious App Delivery

Adversaries can trick, manipulate, or deceive users into installing malicious applications. This can be achieved through fake e-mails / websites / notifications / advertisements. Users believe that they are downloading a legitimate application when in fact they are receiving malware. Although app stores have strict security policies and reviews for published apps, some malicious apps can still bypass these reviews and appear in the official stores.

ATE-027 Drive-by Compromise

Attackers can install malicious code or malware on a victim system when the user visits an infected website without the user having to actively click anything or download a file. This technique exploits vulnerabilities in web browsers, browser extensions or plugins to deliver the malicious payload to the victim's system.

ATE-028 Exploitation via charging station

Attackers exploit vulnerabilities in EVSE or their communication protocols to gain unauthorized access to the vehicle's systems.

ATE-029 Keyless Go Attacks

NA

ATE-029.01 Replay Attack

Attackers capture legitimate Keyless Go signals and re-transmit them to deceive the system.

ATE-029.02 Relay Attack

Relay Attack is an extension of the replay attack. Attackers relay the original signal and transmit signals between the vehicle and its key fob, deceiving the system into believing the key is in closer proximity, thereby enabling unauthorized access or ignition.

ATE-029.03 Roll Jam Attack

Attackers intercept and delay the signal transmitted by a key fob, causing a temporary disruption in the communication between the key and the vehicle.

ATE-029.04 Roll Back Attack

Attackers manipulate the sequence numbers or timestamps of the signals sent by the key fob. By "rolling back" these values, attackers can replay previous legitimate signals, deceiving the vehicle's security system and potentially gaining unauthorized access.

ATE-030 Service Compartment Access

By physically accessing compartments designed for maintenance or service tasks, attackers can connect to internal networks or systems of the vehicle. This technique is especially concerning for rail vehicles where service compartments might grant access to critical control systems.

ATE-031 Maintenance Notebook Infection

Manufacturers and operators of rail vehicles carry out maintenance and diagnostic work using maintenance notebooks. A notebook infected with malware is used to gain unauthorized access to the train network or other critical systems.

ATE-032 Exploitation of Internet Accessible Device

Internet-exposed components of the vehicle can allow attackers to gain access to the vehicle. These are components that are unintentionally exposed to the Internet or are not sufficiently protected.

ATE-033 Remote Maintenance Accesspoint

For diagnosis and maintenance of the vehicles, OEM / manufacturers have remote access to the vehicles. Vehicles can be maintained via this interface.

ATE-034 Command and Scripting Interpreter

Attackers exploit command and script interpreters to execute commands, scripts, or binaries. These interpreters are fundamental tools for interacting with computer systems and can be found on various platforms.

ATE-035 Inter-process Communication: D-Bus

D-Bus is a communication protocol that facilitates data exchange between various software components within the vehicle, enhancing interoperability and enabling event-driven communication.

ATE-036 Native API

Adversaries use the native OS application programming interface (API) to perform various actions. Native APIs allow controlled access to low-level OS services, including hardware, memory, and processes. These APIs are essential during system boot and regular operations.

ATE-037 Scheduled Task/Job

Attackers use the task scheduling feature to execute malicious code, either as a one-time event or at recurring intervals. Task scheduling is used to achieve persistence by running programs at system startup or on a schedule. It can also allow them to run processes using specific user account contexts, perhaps with elevated privileges.

ATE-038 User Execution

Users are tricked into taking actions using social engineering that result in the execution of malware or other malicious activities. Users are manipulated through phishing, vishing (voice phishing) or other forms of interaction.

ATE-039 Persistence via Credentials

Accounts that are already compromised can be used by an attacker to gain permanent access to the system.

ATE-040 Firmware Installation - Reprogram ECU

An attacker can flash the ECU with modified firmware to remain on the target system.

ATE-042 Modify TEE

Malicious alteration of the Trusted Execution Environment (TEE) in a vehicle's system. By tampering with the TEE, adversaries can maintain persistent unauthorized access or control, potentially compromising the secure execution of critical vehicle functions.

ATE-043 Exploit Application Vulnerability

Attackers use this technique to gain higher privileges on a computer system by exploiting a vulnerability in application software. The attacker looks for vulnerabilities in application software installed on the target system. This could be a security vulnerability in any application such as web browsers, office programs, PDF viewers or other software. After the vulnerability is identified, the attacker develops a special "exploit" that targets the vulnerability. The attacker executes the exploit on the target system using the application affected by the vulnerability. After successful execution, the attacker can gain higher privileges on the system.

ATE-044 Exploit OS Vulnerability

Attackers exploit a vulnerability in the operating system (OS) to gain higher permissions or privileges on a computer system. This could be a security hole, a software malfunction or unexpected behavior in the operating system. The attacker develops an exploit that is specifically tailored to the identified vulnerability. Once executed, the attacker can gain access to system resources, administrative accounts, or other sensitive information.

ATE-045 Hardware Fault Injection

Refers to the deliberate introduction of faults into a vehicle's hardware components to exploit vulnerabilities and escalate privileges. This technique manipulates the hardware's normal operations, potentially granting attackers unauthorized access or control over vehicle systems.

ATE-046 Exploit TEE Vulnerability

An attacker can gain privileges held by the TEE by exploiting vulnerabilities in the Trusted Execution Environment (TEE). This can give him access to sensitive data and cryptographic material or allow manipulation of the data.

ATE-047 Reprogram ECU for privilege escalation

An attacker installs new firmware that grants him more rights on the systems.

ATE-048 Bypass SecurityAccess

An attacker can exploit vulnerabilities in SecurityAccess to gain unauthorized access to sensitive data, execute diagnostic commands, and make changes to the ECU.

ATE-054 Adversary-in-the-Middle

Attackers intercept and potentially alter communications between two vehicle components or systems. This can lead to unauthorized access or manipulation of sensitive data, such as authentication credentials or command signals, compromising the integrity and security of the entire vehicle system.

ATE-062 ECU Discovery

Attackers identify and map out the ECUs within a vehicle's network. Understanding the interconnected ECUs can provide insights into potential vulnerabilities and attack vectors.

ATE-065 Exploitation of Remote Services

Attackers can exploit vulnerabilities in remote services to move from asset to asset within the vehicle.

ATE-066 Remote Services

Attackers can use various remote services to move from asset to asset within the vehicle.

ATE-070 Gather information about ECU

An attacker can use UDS and GMLAN protocols to gain sensitive information about the ECU.

ATE-075 C2 via SMS

Attackers leverage the SMS service to establish a C2 channel, enabling remote manipulation of vehicle systems.

ATE-084 Control Horn

Attackers can activate/deactivate the horn.

ATE-099 Denial of Control

Attackers disrupt a vehicle's control systems, preventing operators or automated systems from taking desired actions, which is critical in scenarios like emergency braking in both automotive and rail contexts.
