Hacking Connected Cars: Tactics, Techniques, and Procedures

A field manual decomposing the tactics, techniques, and procedures used for risk analysis and exploitation of vulnerabilities in connected cars, As technology makes its way into passenger vehicles driven largely by consumer demands for always-on connectivity and a push to leverage technology to decrease traffic congestion by connecting automobiles to the smart cities around them, automobiles which were once isolated in-vehicle networks are now suddenly reachable from anywhere. This connectivity poses a significant risk to passengers of connected cars and autonomous vehicles as OEMs and automakers adapt to understand the new domain of cybersecurity when historically, safety was their only concern. Alissa Knight, a 20-year veteran of risk management and penetration testing of IoT devices and connected cars, provides a comprehensive guide for performing penetration testing, risk assessments, and risk treatments of connected passenger vehicles. Written for cybersecurity professionals who may not be experts in vehicle mechatronics, Hacking Connected Cars provides a complete reference on the tactics, techniques, and procedures required to identify and mitigate vulnerabilities in cyber-physical vehicles. With thorough summaries of the points covered in each chapter, detailed step-by-step procedures for performing a penetration tests and risk assessments of connected cars with near surgical precision, and explanatory diagrams, Hacking Connected Cars examines the issues involved and provides cutting-edge preventive tactics to secure these systems. You will learn to find the vulnerabilities in these systems before adversaries targeting your systems do using their own methods to perform penetration testing of infotainment systems and telematics control units, as well as how to analyze risk levels surrounding vulnerabilities and threats affecting confidentiality, integrity, and availability. Hacking Connected Cars offers vital tools to help security practitioners, researchers, and vendors keep connected cars safe without sacrificing connectivity. It examines: Electronic and telematics control units (ECUs and TCUs), Man-in-the-middle attacks, Attacks affecting confidentiality, integrity, and availability, Risk assessment, threat modeling, and risk treatment frameworks, TCU and head unit kill chains in a penetration test, Reverse engineering binaries and static code analysis, Key exchange and other cryptanalysis attacks, On-board diagnostics assessments, Vulnerabilities affecting common ECU/TCU/HU operating system platforms Book jacket.