A field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment

Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems. This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars.

Passenger vehicles have experienced a massive increase in connectivity over the past five years, and the trend will only continue to grow with the expansion of The Internet of Things and increasing consumer demand for always-on connectivity. Manufacturers and OEMs need the ability to push updates without requiring service visits, but this leaves the vehicle’s systems open to attack. This book examines the issues in depth, providing cutting-edge preventative tactics that security practitioners, researchers, and vendors can use to keep connected cars safe without sacrificing connectivity.

• Perform penetration testing of infotainment systems and telematics control units through a step-by-step methodical guide
• Analyze risk levels surrounding vulnerabilities and threats that impact confidentiality, integrity, and availability
• Conduct penetration testing using the same tactics, techniques, and procedures used by hackers

From relatively small features such as automatic parallel parking, to completely autonomous self-driving cars—all connected systems are vulnerable to attack. As connectivity becomes a way of life, the need for security expertise for in-vehicle systems is becoming increasingly urgent. Hacking Connected Cars provides practical, comprehensive guidance for keeping these vehicles secure.

Table of Contents

Part I Tactics, Techniques, and Procedures

Chapter 1 Pre-Engagement

Chapter 2 Intelligence Gathering

Chapter 3 Threat Modeling

Chapter 4 Vulnerability Analysis

Chapter 5 Exploitation

Chapter 6 Post Exploitation

Part II Risk Management

Chapter 7 Risk Management

Chapter 8 Risk-Assessment Frameworks

Chapter 9 PKI in Automotive

Chapter 10 Reporting

About the Author

Alissa Knight has worked in cybersecurity for more than 20 years. For the past ten years, she has focused her vulnerability research into hacking connected cars, embedded systems, and IoT devices for clients in the United States, Middle East, Europe, and Asia. She continues to work with some of the world’s largest automobile manufacturers and OEMs on building more secure connected cars.

Alissa is the Group CEO of Brier & Thorn and is also the managing partner at Knight Ink, where she blends hacking with content creation of written and visual content for challenger brands and market leaders in cybersecurity. As a serial entrepreneur, Alissa was the CEO of Applied Watch and Netstream, companies she sold in M&A transactions to publicly traded companies in international markets.

Her passion professionally is meeting and learning from extraordinary leaders around the world and sharing her views on the disruptive forces reshaping global markets. Alissa’s long-term goal is to help as many organizations as possible develop and execute on their strategic plans and focus on their areas of increased risk, bridging silos to effectively manage risk across organizational boundaries, and enable them to pursue intelligent risk taking as a means to long-term value creation. You can learn more about Alissa on her homepage at http://www.alissaknight.com, connect with her on LinkedIn, or follow her on Twitter @alissaknight.