Hacking Connected Cars - Tactics, Techniques, and Procedures

Read more

A field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment
 
Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems. This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars.
 
Passenger vehicles have experienced a massive increase in connectivity over the past five years, and the trend will only continue to grow with the expansion of The Internet of Things and increasing consumer demand for always-on connectivity. Manufacturers and OEMs need the ability to push updates without requiring service visits, but this leaves the vehicle's systems open to attack. This book examines the issues in depth, providing cutting-edge preventative tactics that security practitioners, researchers, and vendors can use to keep connected cars safe without sacrificing connectivity.
* Perform penetration testing of infotainment systems and telematics control units through a step-by-step methodical guide
* Analyze risk levels surrounding vulnerabilities and threats that impact confidentiality, integrity, and availability
* Conduct penetration testing using the same tactics, techniques, and procedures used by hackers
 
From relatively small features such as automatic parallel parking, to completely autonomous self-driving cars--all connected systems are vulnerable to attack. As connectivity becomes a way of life, the need for security expertise for in-vehicle systems is becoming increasingly urgent. Hacking Connected Cars provides practical, comprehensive guidance for keeping these vehicles secure.

List of contents

About the Author v
 
Acknowledgments vii
 
Foreword xv
 
Introduction xix
 
Part I Tactics, Techniques, and Procedures 1
 
Chapter 1 Pre-Engagement 3
 
Penetration Testing Execution Standard 4
 
Scope Definition 6
 
Architecture 7
 
Full Disclosure 7
 
Release Cycles 7
 
IP Addresses 7
 
Source Code 8
 
Wireless Networks 8
 
Start and End Dates 8
 
Hardware Unique Serial Numbers 8
 
Rules of Engagement 9
 
Timeline 10
 
Testing Location 10
 
Work Breakdown Structure 10
 
Documentation Collection and Review 11
 
Example Documents 11
 
Project Management 13
 
Conception and Initiation 15
 
Definition and Planning 16
 
Launch or Execution 22
 
Performance/Monitoring 23
 
Project Close 24
 
Lab Setup 24
 
Required Hardware and Software 25
 
Laptop Setup 28
 
Rogue BTS Option 1: OsmocomBB 28
 
Rogue BTS Option 2: BladeRF + YateBTS 32
 
Setting Up Your WiFi Pineapple Tetra 35
 
Summary 36
 
Chapter 2 Intelligence Gathering 39
 
Asset Register 40
 
Reconnaissance 41
 
Passive Reconnaissance 42
 
Active Reconnaissance 56
 
Summary 59
 
Chapter 3 Threat Modeling 61
 
STRIDE Model 63
 
Threat Modeling Using STRIDE 65
 
VAST 74
 
PASTA 76
 
Stage 1: Define the Business and Security Objectives 77
 
Stage 2: Define the Technical Scope 78
 
Stage 3: Decompose the Application 79
 
Stage 4: Identify Threat Agents 80
 
Stage 5: Identify the Vulnerabilities 82
 
Stage 6: Enumerate the Exploits 82
 
Stage 7: Perform Risk and Impact Analysis 83
 
Summary 85
 
Chapter 4 Vulnerability Analysis 87
 
Passive and Active Analysis 88
 
WiFi 91
 
Bluetooth 100
 
Summary 105
 
Chapter 5 Exploitation 107
 
Creating Your Rogue BTS 108
 
Configuring NetworkinaPC 109
 
Bringing Your Rogue BTS Online 112
 
Hunting for the TCU 113
 
When You Know the MSISDN of the TCU 113
 
When You Know the IMSI of the TCU 114
 
When You Don't Know the IMSI or MSISDN of the TCU 114
 
Cryptanalysis 117
 
Encryption Keys 118
 
Impersonation Attacks 123
 
Summary 132
 
Chapter 6 Post Exploitation 133
 
Persistent Access 133
 
Creating a Reverse Shell 134
 
Linux Systems 136
 
Placing the Backdoor on the System 137
 
Network Sniffing 137
 
Infrastructure Analysis 138
 
Examining the Network Interfaces 139
 
Examining the ARP Cache 139
 
Examining DNS 141
 
Examining the Routing Table 142
 
Identifying Services 143
 
Fuzzing 143
 
Filesystem Analysis 148
 
Command-Line History 148
 
Core Dump Files 148
 
Debug Log Files 149
 
Credentials and Certificates 149
 
Over-the-Air Updates 149
 
Summary 150
 
Part II Risk Management 153
 
Chapter 7 Risk Management 155
 
Frameworks 156
 
Establishing the Risk Management Program 158
 
SAE J3061 159
 
ISO/SAE AWI 21434 163
 
HEAVENS 164
 
Threat Modeling 166
 
STRIDE 168
 
PASTA 171
 
TRIKE 175
 
Summary 176
 
Chapter 8 Risk-Assessment Frameworks 179
 
HEAVENS 180
 
Determining the Threat Level 180
 

About the author