
Hacking Connected Cars. Tactics, Techniques, and Procedures. Edition No. 1

  • Book

  • 272 Pages
  • April 2020
  • John Wiley and Sons Ltd
  • ID: 5839880

A field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment

Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems. This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars.

Passenger vehicles have experienced a massive increase in connectivity over the past five years, and the trend will only continue to grow with the expansion of the Internet of Things and increasing consumer demand for always-on connectivity. Manufacturers and OEMs need the ability to push updates without requiring service visits, but this leaves the vehicle’s systems open to attack. This book examines the issues in depth, providing cutting-edge preventative tactics that security practitioners, researchers, and vendors can use to keep connected cars safe without sacrificing connectivity.

  • Perform penetration testing of infotainment systems and telematics control units through a step-by-step methodical guide
  • Analyze risk levels surrounding vulnerabilities and threats that impact confidentiality, integrity, and availability
  • Conduct penetration testing using the same tactics, techniques, and procedures used by hackers

From relatively small features such as automatic parallel parking to completely autonomous self-driving cars, all connected systems are vulnerable to attack. As connectivity becomes a way of life, the need for security expertise for in-vehicle systems is becoming increasingly urgent. Hacking Connected Cars provides practical, comprehensive guidance for keeping these vehicles secure.

Table of Contents

About the Author v

Acknowledgments vii

Foreword xv

Introduction xix

Part I Tactics, Techniques, and Procedures 1

Chapter 1 Pre-Engagement 3

Penetration Testing Execution Standard 4

Scope Definition 6

Architecture 7

Full Disclosure 7

Release Cycles 7

IP Addresses 7

Source Code 8

Wireless Networks 8

Start and End Dates 8

Hardware Unique Serial Numbers 8

Rules of Engagement 9

Timeline 10

Testing Location 10

Work Breakdown Structure 10

Documentation Collection and Review 11

Example Documents 11

Project Management 13

Conception and Initiation 15

Definition and Planning 16

Launch or Execution 22

Performance/Monitoring 23

Project Close 24

Lab Setup 24

Required Hardware and Software 25

Laptop Setup 28

Rogue BTS Option 1: OsmocomBB 28

Rogue BTS Option 2: BladeRF + YateBTS 32

Setting Up Your WiFi Pineapple Tetra 35

Summary 36

Chapter 2 Intelligence Gathering 39

Asset Register 40

Reconnaissance 41

Passive Reconnaissance 42

Active Reconnaissance 56

Summary 59

Chapter 3 Threat Modeling 61

STRIDE Model 63

Threat Modeling Using STRIDE 65

VAST 74

PASTA 76

Stage 1: Define the Business and Security Objectives 77

Stage 2: Define the Technical Scope 78

Stage 3: Decompose the Application 79

Stage 4: Identify Threat Agents 80

Stage 5: Identify the Vulnerabilities 82

Stage 6: Enumerate the Exploits 82

Stage 7: Perform Risk and Impact Analysis 83

Summary 85

Chapter 4 Vulnerability Analysis 87

Passive and Active Analysis 88

WiFi 91

Bluetooth 100

Summary 105

Chapter 5 Exploitation 107

Creating Your Rogue BTS 108

Configuring NetworkinaPC 109

Bringing Your Rogue BTS Online 112

Hunting for the TCU 113

When You Know the MSISDN of the TCU 113

When You Know the IMSI of the TCU 114

When You Don’t Know the IMSI or MSISDN of the TCU 114

Cryptanalysis 117

Encryption Keys 118

Impersonation Attacks 123

Summary 132

Chapter 6 Post Exploitation 133

Persistent Access 133

Creating a Reverse Shell 134

Linux Systems 136

Placing the Backdoor on the System 137

Network Sniffing 137

Infrastructure Analysis 138

Examining the Network Interfaces 139

Examining the ARP Cache 139

Examining DNS 141

Examining the Routing Table 142

Identifying Services 143

Fuzzing 143

Filesystem Analysis 148

Command-Line History 148

Core Dump Files 148

Debug Log Files 149

Credentials and Certificates 149

Over-the-Air Updates 149

Summary 150

Part II Risk Management 153

Chapter 7 Risk Management 155

Frameworks 156

Establishing the Risk Management Program 158

SAE J3061 159

ISO/SAE AWI 21434 163

HEAVENS 164

Threat Modeling 166

STRIDE 168

PASTA 171

TRIKE 175

Summary 176

Chapter 8 Risk-Assessment Frameworks 179

HEAVENS 180

Determining the Threat Level 180

Determining the Impact Level 183

Determining the Security Level 186

EVITA 187

Calculating Attack Potential 189

Summary 192

Chapter 9 PKI in Automotive 193

VANET 194

On-board Units 196

Roadside Unit 196

PKI in a VANET 196

Applications in a VANET 196

VANET Attack Vectors 197

802.11p Rising 197

Frequencies and Channels 197

Cryptography 198

Public Key Infrastructure 199

V2X PKI 200

IEEE US Standard 201

Certificate Security 201

Hardware Security Modules 201

Trusted Platform Modules 202

Certificate Pinning 202

PKI Implementation Failures 203

Summary 203

Chapter 10 Reporting 205

Penetration Test Report 206

Summary Page 206

Executive Summary 207

Scope 208

Methodology 209

Limitations 211

Narrative 211

Tools Used 213

Risk Rating 214

Findings 215

Remediation 217

Report Outline 217

Risk Assessment Report 218

Introduction 219

References 220

Functional Description 220

Head Unit 220

System Interface 221

Threat Model 222

Threat Analysis 223

Impact Assessment 224

Risk Assessment 224

Security Control Assessment 226

Example Risk Assessment Table 229

Summary 230

Index 233

Authors

Alissa Knight