Types of automotive cyber attacks
Broadly speaking, there are two types of automotive attacks: physical and remote.
To carry out a physical attack, one needs to get physical access to the vehicle. For example, to record internal communication between different ECUs, the attacker can use the OBD2 port, which is available for diagnostics purposes. The attacker can easily reverse-engineer the data and carry replay attacks.
To carry out these attacks, one needs to have remote access to the vehicle. This can be achieved by Bluetooth, wifi or any paired device. The scope of such attacks is bigger as many vehicles can be targeted at once.
We shall look at practical, physical and remote attacks later in the program.
In the next step we take a detailed look at one such attack carried out by Chris Valasek and Charlie Miller.
Some of the risks posed to modern vehicles include:
- Identity/personal information theft: Owner details, GPS logs, credit cards, etc
- Unauthorised access: Keyless door entry system through mobile apps or electronic key fobs
- Creation of mobile bots: Large number of vehicles could be excellent candidates for bots, which can be used to launch cyber attacks
- Installation of ransomware: Victims must pay money to regain control of their vehicles
© Coventry University. CC BY-NC 4.0