Update: Automotive Security

[kamilgrzela]

What is missing or needs to be updated?

I can propose an updated description for the Top 10 Automotive Security Vulnerabilities. Based on my knowledge, I believe I can add more value to this cheat sheet.

How should this be resolved?

I propose adding the following vulnerabilities:

1. Lack of firmware/software integrity – this means that the solution does not implement Secure Boot, authenticated boot, or run-time boot verification.
2. Lack of data storage encryption (Secure Storage) – this allows an attacker to extract sensitive data from the ECU. Physical access to the ECU is required.
3. Lack of system input validation.

I also propose replacing:
“Weak Vehicle Communication Protocols” with “Lack of secure communication.”
The CAN protocol itself is not weak, but it does not provide any built-in security mechanisms. However, an OEM may require SecOC, which adds integrity checking for each CAN frame.

I also propose extending the description of the existing cheat sheet and adding a MITIGATION proposal.

[jmanico]

I like this direction. Please give us a series of small PR's that we can easily analyze as opposed to one large one. Is that ok?

[kamilgrzela]

Proposition 1: Lack of Secure Communication

Vulnerability:
Vehicle networks rely on protocols such as LIN, CAN, Ethernet, and IP, which were not designed with security in mind. As a result, attackers may eavesdrop on or intercept communications, potentially impacting vehicle safety.

Example:
An attacker could intercept messages on the bus, leading to unauthorised commands being sent to critical vehicle systems (e.g., braking or steering systems).

Attack Surface:

• In-vehicle networks
• Exposed diagnostic interfaces (e.g., OBD ports)

Mitigation:

LIN:
For LIN networks, a 1-wire authentication mechanism may be implemented for specific use cases to provide basic message authentication.

CAN:
For CAN networks, the commonly adopted security mechanism is SecOC (Secure Onboard Communication) as specified by AUTOSAR. SecOC protects the integrity and authenticity of CAN frames but does not provide confidentiality.

Ethernet:
In-vehicle Ethernet networks are compliant with the IEEE 802.3 standard. To secure Ethernet communication, MACsec (IEEE 802.1AE) can be implemented to provide integrity and confidentiality protection for Ethernet frames.

IP:
IP-based communication can be secured using VPN technologies such as IPsec or WireGuard, which provide authentication, integrity, and confidentiality.

[jmanico]

This is going to break the current flow of https://cheatsheetseries.owasp.org/cheatsheets/Automotive_Security.html. Secure comms is already included.

Is you plan to beef up each section? What your high level plan?

[kamilgrzela]

My proposition will be rewrite them, according to automotive industry standards/best practices and known vulnerabilities.

[kamilgrzela]

https://atm.automotiveisac.com/ - very good source.

[jmanico]

Right now, the cheat sheet is perfectly clean with only three sections per category.

Can you keep that flow going or give me a new standard for each section that is still very concise?

I don't want to blow this up too much - the cheat sheets need to be brief.

What do you think?

[kamilgrzela]

Depend what we want to achive. Do we want to have a threat catalogue or something similar to a cybersecurity guide for automotive?
If the second one, we need cybersecurity best practices for automotive components.

[jmanico]

What I want is a very concise sheet based guide for developers to help them get this right.

I'm less concerned about the threats and more concerned about what controls need to be in place.

I also want to keep this a cheat sheet. This is not a comprehensive guide. This is something I want developers to look at and quickly have an understanding of what their security duty is in this space.

[jmanico]

I also agree that the current sheet sheet is a little bit too brief and it can use some beefing up with your expertise

[kamilgrzela]

So, maybe I will prepare a complete cheat sheet, and after that, we can "tune" it, if needed.

[jmanico]

I'm open to that.

[kamilgrzela]

Work-in-progress