| 19.1 | Extraction of copyright or proprietary software from vehicle systems (product piracy / stolen software) | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP |
| 19.2 | Unauthorized access to the owner’s privacy information such as personal identity, payment account information, address book information, location information, vehicle’s electronic ID, etc. | M8 | Through system design and access control it should not be possible for unauthorized personnel to access personal or system critical data. Examples of Security Controls can be found in OWASP |
| 19.3 | Extraction of cryptographic keys | M11 | Security controls shall be implemented for storing cryptographic keys e.g. Security Modules |
| 20.1 | Illegal/unauthorised changes to vehicle’s electronic ID | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP |
| 20.2 | Identity fraud. For example, if a user wants to display another identity when communicating with toll systems, manufacturer backend | | |
| 20.3 | Action to circumvent monitoring systems (e.g. hacking/ tampering/ blocking of messages such as ODR Tracker data, or number of runs) | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP. Data manipulation attacks on sensors or transmitted data could be mitigated by correlating the data from different sources of information |
| 20.4 | Data manipulation to falsify vehicle’s driving data (e.g. mileage, driving speed, driving directions, etc.) | | |
| 20.5 | Unauthorised changes to system diagnostic data | | |
| 21.1 | Unauthorized deletion/manipulation of system event logs | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP. |
| 22.2 | Introduce malicious software or malicious software activity | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP. |
| 23.1 | Fabrication of software of the vehicle control system or information system | | |
| 24.1 | Denial of service, for example this may be triggered on the internal network by flooding a CAN bus, or by provoking faults on an ECU via a high rate of messaging | M13 | Measures to detect and recover from a denial of service attack shall be employed |
| 25.1 | Unauthorized access to falsify configuration parameters of vehicle’s key functions, such as brake data, airbag deployed threshold, etc. | M7 | Access control techniques and designs shall be applied to protect system data/code. Example Security Controls can be found in OWASP |
| 25.2 | Unauthorized access to falsify charging parameters, such as charging voltage, charging power, battery temperature, etc. | | |