2Finding Attack Surfaces
My request to all of you
Car hacking should not be taken casually. Playing with your vehicle’s network, wireless connections, onboard computers, or other electronics can damage or disable it. Be very careful when experimenting with any of the techniques published on my blog My Hack Stuff. So, keep safety as an overriding concern. Now we are going to discuss first step for Cars Penetration testing or hacking.
When evaluating a vehicle’s attack surface, think of yourself as an evil spy who’s trying to do bad things to a vehicle. To find weaknesses in the vehicle’s security, evaluate the vehicle’s perimeter, and document the vehicle’s environment. Be sure to consider all the ways that data can get into a vehicle, which are all the ways that a vehicle communicates with the outside world.
As you examine the exterior of the vehicle, ask yourself these questions:
- What signals are received? Radio waves? Key fobs? Distance sensors?
- Is there physical keypad access?
- Are there any touch or motion sensors?
- If the vehicle is electric, how does it charge?
As you examine the interior, consider the following:
- What are the audio input options: CD? USB? Bluetooth?
- Are there diagnostic ports?
- What are the capabilities of the dashboard? Is there a GPS? Bluetooth?
As you can see, there are many ways data can enter the vehicle. If any of this data is malformed or intentionally malicious, what happens? This is where threat modeling comes in.
Entire books have been written about threat modeling, but I’m going to give you just a quick tour so you can build your own threat models. When threat modeling a car, you collect information about the architecture of your target and create a diagram to illustrate how parts of the car communicate. You then use these maps to identify higher-risk inputs and to keep a checklist of things to audit; this will help you prioritize entry points that could yield the most return.
Threat models are typically made during the product development and design process. If the company producing a particular product has a good development life cycle, it creates the threat model when product development begins and continuously updates the model as the product moves through the development life cycle. Threat models are living documents that change as the target changes and as you learn more about a target, so you should update your threat model often.
Your threat model can consist of different levels; if a process in your model is complicated, you should consider breaking it down further by adding more levels to your diagrams. In the beginning, however, Level 2 is about as far as you’ll be able to go. We’ll discuss the various levels in the following sections, beginning with Threat Level 0.