Hacking Connected Cars
-15%
portes grátis
Hacking Connected Cars
Tactics, Techniques, and Procedures
Knight, Alissa
John Wiley & Sons Inc
04/2020
272
Mole
Inglês
9781119491804
15 a 20 dias
364
Descrição não disponível.
About the Author v
Acknowledgments vii
Foreword xv
Introduction xix
Part I Tactics, Techniques, and Procedures 1
Chapter 1 Pre-Engagement 3
Penetration Testing Execution Standard 4
Scope Definition 6
Architecture 7
Full Disclosure 7
Release Cycles 7
IP Addresses 7
Source Code 8
Wireless Networks 8
Start and End Dates 8
Hardware Unique Serial Numbers 8
Rules of Engagement 9
Timeline 10
Testing Location 10
Work Breakdown Structure 10
Documentation Collection and Review 11
Example Documents 11
Project Management 13
Conception and Initiation 15
Definition and Planning 16
Launch or Execution 22
Performance/Monitoring 23
Project Close 24
Lab Setup 24
Required Hardware and Software 25
Laptop Setup 28
Rogue BTS Option 1: OsmocomBB 28
Rogue BTS Option 2: BladeRF + YateBTS 32
Setting Up Your WiFi Pineapple Tetra 35
Summary 36
Chapter 2 Intelligence Gathering 39
Asset Register 40
Reconnaissance 41
Passive Reconnaissance 42
Active Reconnaissance 56
Summary 59
Chapter 3 Threat Modeling 61
STRIDE Model 63
Threat Modeling Using STRIDE 65
Vast 74
Pasta 76
Stage 1: Define the Business and Security Objectives 77
Stage 2: Define the Technical Scope 78
Stage 3: Decompose the Application 79
Stage 4: Identify Threat Agents 80
Stage 5: Identify the Vulnerabilities 82
Stage 6: Enumerate the Exploits 82
Stage 7: Perform Risk and Impact Analysis 83
Summary 85
Chapter 4 Vulnerability Analysis 87
Passive and Active Analysis 88
WiFi 91
Bluetooth 100
Summary 105
Chapter 5 Exploitation 107
Creating Your Rogue BTS 108
Configuring NetworkinaPC 109
Bringing Your Rogue BTS Online 112
Hunting for the TCU 113
When You Know the MSISDN of the TCU 113
When You Know the IMSI of the TCU 114
When You Don't Know the IMSI or MSISDN of the TCU 114
Cryptanalysis 117
Encryption Keys 118
Impersonation Attacks 123
Summary 132
Chapter 6 Post Exploitation 133
Persistent Access 133
Creating a Reverse Shell 134
Linux Systems 136
Placing the Backdoor on the System 137
Network Sniffing 137
Infrastructure Analysis 138
Examining the Network Interfaces 139
Examining the ARP Cache 139
Examining DNS 141
Examining the Routing Table 142
Identifying Services 143
Fuzzing 143
Filesystem Analysis 148
Command-Line History 148
Core Dump Files 148
Debug Log Files 149
Credentials and Certificates 149
Over-the-Air Updates 149
Summary 150
Part II Risk Management 153
Chapter 7 Risk Management 155
Frameworks 156
Establishing the Risk Management Program 158
SAE J3061 159
ISO/SAE AWI 21434 163
HEAVENS 164
Threat Modeling 166
STRIDE 168
PASTA 171
TRIKE 175
Summary 176
Chapter 8 Risk-Assessment Frameworks 179
HEAVENS 180
Determining the Threat Level 180
Determining the Impact Level 183
Determining the Security Level 186
EVITA 187
Calculating Attack Potential 189
Summary 192
Chapter 9 PKI in Automotive 193
VANET 194
On-board Units 196
Roadside Unit 196
PKI in a VANET 196
Applications in a VANET 196
VANET Attack Vectors 197
802.11p Rising 197
Frequencies and Channels 197
Cryptography 198
Public Key Infrastructure 199
V2X PKI200
IEEE US Standard 201
Certificate Security 201
Hardware Security Modules 201
Trusted Platform Modules 202
Certificate Pinning 202
PKI Implementation Failures 203
Summary 203
Chapter 10 Reporting 205
Penetration Test Report 206
Summary Page 206
Executive Summary 207
Scope 208
Methodology 209
Limitations 211
Narrative 211
Tools Used 213
Risk Rating 214
Findings 215
Remediation 217
Report Outline 217
Risk Assessment Report 218
Introduction 219
References 220
Functional Description 220
Head Unit 220
System Interface 221
Threat Model 222
Threat Analysis 223
Impact Assessment 224
Risk Assessment 224
Security Control Assessment 226
Example Risk Assessment Table 229
Summary 230
Index 233
Acknowledgments vii
Foreword xv
Introduction xix
Part I Tactics, Techniques, and Procedures 1
Chapter 1 Pre-Engagement 3
Penetration Testing Execution Standard 4
Scope Definition 6
Architecture 7
Full Disclosure 7
Release Cycles 7
IP Addresses 7
Source Code 8
Wireless Networks 8
Start and End Dates 8
Hardware Unique Serial Numbers 8
Rules of Engagement 9
Timeline 10
Testing Location 10
Work Breakdown Structure 10
Documentation Collection and Review 11
Example Documents 11
Project Management 13
Conception and Initiation 15
Definition and Planning 16
Launch or Execution 22
Performance/Monitoring 23
Project Close 24
Lab Setup 24
Required Hardware and Software 25
Laptop Setup 28
Rogue BTS Option 1: OsmocomBB 28
Rogue BTS Option 2: BladeRF + YateBTS 32
Setting Up Your WiFi Pineapple Tetra 35
Summary 36
Chapter 2 Intelligence Gathering 39
Asset Register 40
Reconnaissance 41
Passive Reconnaissance 42
Active Reconnaissance 56
Summary 59
Chapter 3 Threat Modeling 61
STRIDE Model 63
Threat Modeling Using STRIDE 65
Vast 74
Pasta 76
Stage 1: Define the Business and Security Objectives 77
Stage 2: Define the Technical Scope 78
Stage 3: Decompose the Application 79
Stage 4: Identify Threat Agents 80
Stage 5: Identify the Vulnerabilities 82
Stage 6: Enumerate the Exploits 82
Stage 7: Perform Risk and Impact Analysis 83
Summary 85
Chapter 4 Vulnerability Analysis 87
Passive and Active Analysis 88
WiFi 91
Bluetooth 100
Summary 105
Chapter 5 Exploitation 107
Creating Your Rogue BTS 108
Configuring NetworkinaPC 109
Bringing Your Rogue BTS Online 112
Hunting for the TCU 113
When You Know the MSISDN of the TCU 113
When You Know the IMSI of the TCU 114
When You Don't Know the IMSI or MSISDN of the TCU 114
Cryptanalysis 117
Encryption Keys 118
Impersonation Attacks 123
Summary 132
Chapter 6 Post Exploitation 133
Persistent Access 133
Creating a Reverse Shell 134
Linux Systems 136
Placing the Backdoor on the System 137
Network Sniffing 137
Infrastructure Analysis 138
Examining the Network Interfaces 139
Examining the ARP Cache 139
Examining DNS 141
Examining the Routing Table 142
Identifying Services 143
Fuzzing 143
Filesystem Analysis 148
Command-Line History 148
Core Dump Files 148
Debug Log Files 149
Credentials and Certificates 149
Over-the-Air Updates 149
Summary 150
Part II Risk Management 153
Chapter 7 Risk Management 155
Frameworks 156
Establishing the Risk Management Program 158
SAE J3061 159
ISO/SAE AWI 21434 163
HEAVENS 164
Threat Modeling 166
STRIDE 168
PASTA 171
TRIKE 175
Summary 176
Chapter 8 Risk-Assessment Frameworks 179
HEAVENS 180
Determining the Threat Level 180
Determining the Impact Level 183
Determining the Security Level 186
EVITA 187
Calculating Attack Potential 189
Summary 192
Chapter 9 PKI in Automotive 193
VANET 194
On-board Units 196
Roadside Unit 196
PKI in a VANET 196
Applications in a VANET 196
VANET Attack Vectors 197
802.11p Rising 197
Frequencies and Channels 197
Cryptography 198
Public Key Infrastructure 199
V2X PKI200
IEEE US Standard 201
Certificate Security 201
Hardware Security Modules 201
Trusted Platform Modules 202
Certificate Pinning 202
PKI Implementation Failures 203
Summary 203
Chapter 10 Reporting 205
Penetration Test Report 206
Summary Page 206
Executive Summary 207
Scope 208
Methodology 209
Limitations 211
Narrative 211
Tools Used 213
Risk Rating 214
Findings 215
Remediation 217
Report Outline 217
Risk Assessment Report 218
Introduction 219
References 220
Functional Description 220
Head Unit 220
System Interface 221
Threat Model 222
Threat Analysis 223
Impact Assessment 224
Risk Assessment 224
Security Control Assessment 226
Example Risk Assessment Table 229
Summary 230
Index 233
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
connected car security; hacking cars; in-vehicle systems; ECU security; TCU security; infotainment system security; hacking TCUs; hacking ECUs; in-vehicle communication protocols; TCU defense; ECU defense; risk assessment; connected car vulnerabilities; head unit penetration testing; TCU penetration testing; vehicle integrity attacks; vehicle confidentiality attacks; vehicle hacking tactics; vehicle penetration testing; TCU penetration testing; ECU penetration testing; hacking autonomous vehicles
About the Author v
Acknowledgments vii
Foreword xv
Introduction xix
Part I Tactics, Techniques, and Procedures 1
Chapter 1 Pre-Engagement 3
Penetration Testing Execution Standard 4
Scope Definition 6
Architecture 7
Full Disclosure 7
Release Cycles 7
IP Addresses 7
Source Code 8
Wireless Networks 8
Start and End Dates 8
Hardware Unique Serial Numbers 8
Rules of Engagement 9
Timeline 10
Testing Location 10
Work Breakdown Structure 10
Documentation Collection and Review 11
Example Documents 11
Project Management 13
Conception and Initiation 15
Definition and Planning 16
Launch or Execution 22
Performance/Monitoring 23
Project Close 24
Lab Setup 24
Required Hardware and Software 25
Laptop Setup 28
Rogue BTS Option 1: OsmocomBB 28
Rogue BTS Option 2: BladeRF + YateBTS 32
Setting Up Your WiFi Pineapple Tetra 35
Summary 36
Chapter 2 Intelligence Gathering 39
Asset Register 40
Reconnaissance 41
Passive Reconnaissance 42
Active Reconnaissance 56
Summary 59
Chapter 3 Threat Modeling 61
STRIDE Model 63
Threat Modeling Using STRIDE 65
Vast 74
Pasta 76
Stage 1: Define the Business and Security Objectives 77
Stage 2: Define the Technical Scope 78
Stage 3: Decompose the Application 79
Stage 4: Identify Threat Agents 80
Stage 5: Identify the Vulnerabilities 82
Stage 6: Enumerate the Exploits 82
Stage 7: Perform Risk and Impact Analysis 83
Summary 85
Chapter 4 Vulnerability Analysis 87
Passive and Active Analysis 88
WiFi 91
Bluetooth 100
Summary 105
Chapter 5 Exploitation 107
Creating Your Rogue BTS 108
Configuring NetworkinaPC 109
Bringing Your Rogue BTS Online 112
Hunting for the TCU 113
When You Know the MSISDN of the TCU 113
When You Know the IMSI of the TCU 114
When You Don't Know the IMSI or MSISDN of the TCU 114
Cryptanalysis 117
Encryption Keys 118
Impersonation Attacks 123
Summary 132
Chapter 6 Post Exploitation 133
Persistent Access 133
Creating a Reverse Shell 134
Linux Systems 136
Placing the Backdoor on the System 137
Network Sniffing 137
Infrastructure Analysis 138
Examining the Network Interfaces 139
Examining the ARP Cache 139
Examining DNS 141
Examining the Routing Table 142
Identifying Services 143
Fuzzing 143
Filesystem Analysis 148
Command-Line History 148
Core Dump Files 148
Debug Log Files 149
Credentials and Certificates 149
Over-the-Air Updates 149
Summary 150
Part II Risk Management 153
Chapter 7 Risk Management 155
Frameworks 156
Establishing the Risk Management Program 158
SAE J3061 159
ISO/SAE AWI 21434 163
HEAVENS 164
Threat Modeling 166
STRIDE 168
PASTA 171
TRIKE 175
Summary 176
Chapter 8 Risk-Assessment Frameworks 179
HEAVENS 180
Determining the Threat Level 180
Determining the Impact Level 183
Determining the Security Level 186
EVITA 187
Calculating Attack Potential 189
Summary 192
Chapter 9 PKI in Automotive 193
VANET 194
On-board Units 196
Roadside Unit 196
PKI in a VANET 196
Applications in a VANET 196
VANET Attack Vectors 197
802.11p Rising 197
Frequencies and Channels 197
Cryptography 198
Public Key Infrastructure 199
V2X PKI200
IEEE US Standard 201
Certificate Security 201
Hardware Security Modules 201
Trusted Platform Modules 202
Certificate Pinning 202
PKI Implementation Failures 203
Summary 203
Chapter 10 Reporting 205
Penetration Test Report 206
Summary Page 206
Executive Summary 207
Scope 208
Methodology 209
Limitations 211
Narrative 211
Tools Used 213
Risk Rating 214
Findings 215
Remediation 217
Report Outline 217
Risk Assessment Report 218
Introduction 219
References 220
Functional Description 220
Head Unit 220
System Interface 221
Threat Model 222
Threat Analysis 223
Impact Assessment 224
Risk Assessment 224
Security Control Assessment 226
Example Risk Assessment Table 229
Summary 230
Index 233
Acknowledgments vii
Foreword xv
Introduction xix
Part I Tactics, Techniques, and Procedures 1
Chapter 1 Pre-Engagement 3
Penetration Testing Execution Standard 4
Scope Definition 6
Architecture 7
Full Disclosure 7
Release Cycles 7
IP Addresses 7
Source Code 8
Wireless Networks 8
Start and End Dates 8
Hardware Unique Serial Numbers 8
Rules of Engagement 9
Timeline 10
Testing Location 10
Work Breakdown Structure 10
Documentation Collection and Review 11
Example Documents 11
Project Management 13
Conception and Initiation 15
Definition and Planning 16
Launch or Execution 22
Performance/Monitoring 23
Project Close 24
Lab Setup 24
Required Hardware and Software 25
Laptop Setup 28
Rogue BTS Option 1: OsmocomBB 28
Rogue BTS Option 2: BladeRF + YateBTS 32
Setting Up Your WiFi Pineapple Tetra 35
Summary 36
Chapter 2 Intelligence Gathering 39
Asset Register 40
Reconnaissance 41
Passive Reconnaissance 42
Active Reconnaissance 56
Summary 59
Chapter 3 Threat Modeling 61
STRIDE Model 63
Threat Modeling Using STRIDE 65
Vast 74
Pasta 76
Stage 1: Define the Business and Security Objectives 77
Stage 2: Define the Technical Scope 78
Stage 3: Decompose the Application 79
Stage 4: Identify Threat Agents 80
Stage 5: Identify the Vulnerabilities 82
Stage 6: Enumerate the Exploits 82
Stage 7: Perform Risk and Impact Analysis 83
Summary 85
Chapter 4 Vulnerability Analysis 87
Passive and Active Analysis 88
WiFi 91
Bluetooth 100
Summary 105
Chapter 5 Exploitation 107
Creating Your Rogue BTS 108
Configuring NetworkinaPC 109
Bringing Your Rogue BTS Online 112
Hunting for the TCU 113
When You Know the MSISDN of the TCU 113
When You Know the IMSI of the TCU 114
When You Don't Know the IMSI or MSISDN of the TCU 114
Cryptanalysis 117
Encryption Keys 118
Impersonation Attacks 123
Summary 132
Chapter 6 Post Exploitation 133
Persistent Access 133
Creating a Reverse Shell 134
Linux Systems 136
Placing the Backdoor on the System 137
Network Sniffing 137
Infrastructure Analysis 138
Examining the Network Interfaces 139
Examining the ARP Cache 139
Examining DNS 141
Examining the Routing Table 142
Identifying Services 143
Fuzzing 143
Filesystem Analysis 148
Command-Line History 148
Core Dump Files 148
Debug Log Files 149
Credentials and Certificates 149
Over-the-Air Updates 149
Summary 150
Part II Risk Management 153
Chapter 7 Risk Management 155
Frameworks 156
Establishing the Risk Management Program 158
SAE J3061 159
ISO/SAE AWI 21434 163
HEAVENS 164
Threat Modeling 166
STRIDE 168
PASTA 171
TRIKE 175
Summary 176
Chapter 8 Risk-Assessment Frameworks 179
HEAVENS 180
Determining the Threat Level 180
Determining the Impact Level 183
Determining the Security Level 186
EVITA 187
Calculating Attack Potential 189
Summary 192
Chapter 9 PKI in Automotive 193
VANET 194
On-board Units 196
Roadside Unit 196
PKI in a VANET 196
Applications in a VANET 196
VANET Attack Vectors 197
802.11p Rising 197
Frequencies and Channels 197
Cryptography 198
Public Key Infrastructure 199
V2X PKI200
IEEE US Standard 201
Certificate Security 201
Hardware Security Modules 201
Trusted Platform Modules 202
Certificate Pinning 202
PKI Implementation Failures 203
Summary 203
Chapter 10 Reporting 205
Penetration Test Report 206
Summary Page 206
Executive Summary 207
Scope 208
Methodology 209
Limitations 211
Narrative 211
Tools Used 213
Risk Rating 214
Findings 215
Remediation 217
Report Outline 217
Risk Assessment Report 218
Introduction 219
References 220
Functional Description 220
Head Unit 220
System Interface 221
Threat Model 222
Threat Analysis 223
Impact Assessment 224
Risk Assessment 224
Security Control Assessment 226
Example Risk Assessment Table 229
Summary 230
Index 233
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
connected car security; hacking cars; in-vehicle systems; ECU security; TCU security; infotainment system security; hacking TCUs; hacking ECUs; in-vehicle communication protocols; TCU defense; ECU defense; risk assessment; connected car vulnerabilities; head unit penetration testing; TCU penetration testing; vehicle integrity attacks; vehicle confidentiality attacks; vehicle hacking tactics; vehicle penetration testing; TCU penetration testing; ECU penetration testing; hacking autonomous vehicles
