> How APTs Target Vehicles | cyberschmutz

How APTs Target Vehicles

As we accelerate into the age of autonomous driving, the new paradigm isn’t just about horsepower but also about data and connectivity.

While this advancement brings convenience and innovation, it introduces complex cybersecurity concerns, including potential threats from APTs.

Motivation: Why Would APTs Target Cars?

Intelligence and Surveillance

High-profile individuals often travel in vehicles that are not just luxurious but also high-tech.

By hacking into these smart vehicles, APTs could eavesdrop on sensitive conversations or capture video footage, essentially converting the car into a mobile surveillance unit.

Supply Chain Disruption

Targeting ECUs and other vehicle components during the manufacturing stage can significantly disrupt supply chains, impacting a nation’s economy and its military capabilities.

Geo-Political Leverage

Compromising a country’s public transport or freight systems can have far-reaching implications.

It provides a means to exercise significant political or economic leverage.

Automotive Intellectual Property

By gaining unauthorized access to proprietary algorithms used in autonomous driving systems or ADAS (Advanced Driver Assistance Systems), nation-states can leapfrog years of research and development.


The Automotive-Specific Attack Chain

Phase 1: Reconnaissance

The APT first identifies the type of cars, their communication protocols, and their connected systems. For instance, it determines which ECU (Electronic Control Unit) or infotainment system is in use.

Phase 2: Initial Compromise

The group then exploits vulnerabilities in publicly accessible interfaces.

This could be as simple as sending a phishing email to an employee of the car manufacturer to gain internal network access or exploiting a zero-day vulnerability in the car’s infotainment system.

Phase 3: Lateral Movement

Once inside the network or vehicle system, the APT works on lateral movement.

This could involve moving from the infotainment system to more critical systems, e.g., exploiting CAN bus vulnerabilities to control essential vehicle functions.
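
From the defender's side, the infotainment-to-CAN pivot described in Phase 3 is the point where a gateway policy can catch the move. The following is an added example, not code from the original post: it audits a candump -L style log against an allowlist for the infotainment segment. The interface names, CAN IDs and timing values are constructed assumptions.

```python
import re

# candump -L log format: "(epoch.micros) interface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2})*)$")

# Assumed policy: IDs the infotainment segment may send, with the minimum gap
# in seconds expected between two frames of the same ID. Values are constructed.
IVI_IFACE = "can_ivi"
IVI_ALLOW = {0x3A0: 0.09, 0x3A1: 0.45}

def parse(line):
    """Parse one log line into (timestamp, interface, can_id, data) or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, iface, can_id, data = m.groups()
    return float(ts), iface, int(can_id, 16), bytes.fromhex(data)

def audit(lines, iface=IVI_IFACE, allow=IVI_ALLOW):
    """Return (timestamp, can_id, reason) for each frame that breaks the policy."""
    findings, last_seen = [], {}
    for line in lines:
        frame = parse(line)
        if frame is None or frame[1] != iface:
            continue  # malformed line or a different bus segment
        ts, _, can_id, _ = frame
        if can_id not in allow:
            findings.append((ts, can_id, "id-not-allowlisted"))
            continue
        prev = last_seen.get(can_id)
        if prev is not None and ts - prev < allow[can_id]:
            findings.append((ts, can_id, "faster-than-expected"))
        last_seen[can_id] = ts
    return findings

# Constructed sample capture, not taken from a real vehicle.
SAMPLE = """\
(1700000000.000000) can_ivi 3A0#0102030405060708
(1700000000.100000) can_ivi 3A0#0102030405060709
(1700000000.105000) can_ivi 3A0#FFFFFFFFFFFFFFFF
(1700000000.200000) can_pt 0C4#1122334455667788
(1700000000.300000) can_ivi 7DF#0210030000000000
(1700000000.500000) can_ivi 3A1#00
""".splitlines()

if __name__ == "__main__":
    for ts, can_id, reason in audit(SAMPLE):
        print(f"{ts:.6f} {can_id:03X} {reason}")
```

The same two checks, an ID allowlist and a per-ID rate limit, are what a segmenting gateway would enforce inline; running them over logs shows where the policy would have fired.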

Phase 4: Data Harvesting

APTs might harvest telemetry data, travel patterns, or even biometric data if the car uses such features for driver identification.

Phase 5: Exit Strategy

The APT group creates backdoors and rootkits to ensure it maintains control over the system for future use. Data is sent back to a remote server and erased from the vehicle to minimize the chance of detection.

This post is licensed under CC BY 4.0 by the author.