Future Learn notes: Automotive Cyber Security: An Introduction Coventry University

 

These are the notes I have made whilst doing the titled course on Future learn. 

More detail on this can also be found on my Folio space.

Week 1

  • What is the difference between vulnerability and threat?
    A vulnerability is a weakness to attack where as a threat is the intent to or act of attacking.
  • What are the requirements to compromise a device?
    For a device to be compromised it must have a means of access that is unproteted or inadequately protected from attack.
  • What does root credential mean?
    Log in/account details.
  • What does reconnaissance mean?
    Observation and recording to build a picture of the subjects life patterns.
  • What is misconfiguration (security)?
    Having a security system that fails to protect the thing that needs protecting fully. A very simple example would be a locked compound with all of the valuables on the outside,
  • What is port scanning? Can you name a few tools?
    Port scanning is essentially knocking on doors. A request for access is attempted on all ports and when a reply is received, this confirms that there is access via that port.
  • How can we assess any system security?
    Use of scanners for virus/malware. Logs can also be checked for access attempts and systems checked against benchmaks to see if any code has been changed.
  • What is penetration testing?
    Test the security of a system by attacking it with the same tools used by an attacker.
  • Why is data backup a basic requirement?
    Data can be lost or damaged for a number of reasons and as such should always be backed up.
  • How can malware get access into a system?
    It usually gets in with other media added unwittingly by a user such as in a picture.
  • What do we mean by vehicle-to-vehicle/vehicle-to-infrastructure communication?
    The things that the vehicle are communicating with via wired connection or wirelessly.

Week 2

The Sony pictures entertainment hack

  1. What was the method of attack?
    The attackers, Guardians of Peace (GOP), used Malware to hack Sony's network and download terabytes of data which was publicly shared over a number of days.
  2. What was the impact of attack?
    A number of class action law suits against Sony from its former employees, resignation of the CEO and cancelation of the offending move; The interview.
  3. What vulnerabilities were exploited?
    A poor security system (highlighted by former employees was used to insert listening implant, backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tools.
  4. How can we stop such attacks?
    Better firewalls, responsible and manged storage of personal data.
  5. Looking at the bigger picture, how can the information presented here be applied to the automotive sector?
    This is evidence of how a well financed and incentivised team could easily take down a large network of which cars are more and more connected to.

Consolidation

Question 1: Power windows, lane assistance, seat warming and other functions are possible due to the inclusion of which features?
A CAN system is integral to all of these features what are usually controlled by a networked computer. In a VAG vehicle for example it would the the Body Control Module (BCM).

Question 2: What does CIA stand for and why is it important?
The TLA translates to: CAN in Automation (CiA)391 which is the international users' and manufacturers' organization that develops and supports CAN-based higher-layer protocols.

Question 3: What is the main backbone in-vehicle network called?
The CAN network.

Question 4: There are two ways to connect CAN loggers. What are these two ways?
Wirelessly or wired connected to the OBD2 port.

Question 5: Since 1996, it has been mandatory by law for every vehicle to have this installed. What is it?
OBD2 port.

Question 6: Which entry point has a short-range radio transmitter that communicates with a vehicle by sending identification information to it for authentication?
Bluetooth to the infotainment system.

Question 7: Broadly speaking, there are two types of automotive attacks. What are they, and can you provide an example of each?
Q4 covers this. directly connected and remote attacks. Either directly thought the OBD2 port of via the infotainment system.

Question 8: Regarding levels of automation, which level refers to partial automation?
Level 2

Question 9: Regarding levels of automation, which level refers to assisted automation?
Level 1

Question 10: What is the name of the middleware and system-level standard developed by various stakeholders in 2003 that guides the automotive industry in designing and implementing software in the vehicle?
AUTomotive Open System ARchitecture (AUTOSAR)

Question 11: Which guide provides a complete life cycle process framework that could be adapted and tailored to a company-specific process?
ISO/IEC 15288:2008

Question 12: What are some of the key challenges in securing connected vehicles?
Price and a comparative increase in computer technology during the lifespan of a car, making it more vulnerable when it is older, especially when it is unsupported for software updates.

Comments

Post a Comment

Popular posts from this blog

Potensic D88

Image
1.1 Snazzy I haven't seen a huge amount about these drones so thought I'd jot down a few words here as I work to figure this thing out, enjoy it for what it is and try and work past its shortcomings. I come with a background in engineering and have had some RC planes and cars in the past. I am in no way a drone specialist with the only other drone in my hangar being a DJI Telo.  Review. 2.1 unfolded and ready to go First impressions The drone comes packaged as pictured if fig 1.1 in a nice padded case with a controller, 2 batteries, charger, some spare blades and a manual. For the relatively low cost it seems pretty snazzy. Setup involved taking off some clear film covers and a fairly straight forward process of pairing to the controller. From there there is a pre flight giro alignment then away you go. All of this is explained in the manual which I highly recommend reading as it isn't immediately obvious what you need to do. It fly's very well, quickly stabilising and ...
Read more

eLife Ranger motor fun

Image
fig 1.1 I decided to treat myself to an eBike to commute to work which was a mistake. After weeks of procrastinating I bought a very cheap new eLife Ranger hybrid for a number of meritous reasons. I may jot down a quick review of it later on as there really isn't much online about these bikes which is a shame as they are a tidy design at a sensible price point even at full price. After getting the thing home, I decided to take it down to the shops to drop some parcels off. I wanted to see what it was all about! Sadly it was clearly not working right. Although there was something there, it really wasn't doing much assisting, so I returned a bit pissed off. Reserch time What ensued was a night of research to figure out what was going on, but more importantly; what on earth I had just bought! eLife appear to be a brand to sell ebikes through ideal world amongst other sources to clear stock. They predominantly sell folding city bikes but this Ranger 950 has been for sale during 20...
Read more

eLife Ranger 950 review

Image
 29/12/2020 fig 1.2 freeze framed from the promo video Intro Before I get into reviewing this bike I want you to know why I bought it which will give you a bit more of my angle on the matter. fig 1.2  I started looking into an electric bike after a year of commuting a short distance to work on my trusty steely road bike you see on fig 1.2. When that work placement ended I was looking at my next commute being more like a 30 mile round trip which although completely doable, I wasn't going to commit that many hours of my life to commuting no matter how nice it was to be out on the bike. An electric bike seemed to be a sensible compromise between the speed of taking the car or a motorcycle against the near free to fuel bicycle. The next issue was picking one. A small folding bike was not going to be suitable for the long distance. A mountain bike would cost me more in weight and rolling resistance than the motor would benefit me. Taking these two options out of the equation cut ou...
Read more