Commit

Add Automotive Security Misconfiguration mappings (#237)
* Add automotive remediation advice

* Add automotive remediation advice

* Add CVSS mapping

* Update changelog
plr0man authored and adamrdavid committed Apr 15, 2019
1 parent 98f78e3 commit 4ceee04
Showing 3 changed files with 198 additions and 6 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p

## [Unreleased]
### Added
- Remediation Advice and CVSS mappings for automotive_security_misconfiguration

### Removed

73 changes: 70 additions & 3 deletions mappings/cvss_v3/cvss_v3.json
Expand Up @@ -845,15 +845,82 @@
"children": [
{
"id": "infotainment",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
"children": [
{
"id": "pii_leakage",
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "code_execution_can_bus_pivot",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "code_execution_no_can_bus_pivot",
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
},
{
"id": "unauthorized_access_to_services",
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
},
{
"id": "source_code_dump",
"cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
{
"id": "dos_brick",
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"id": "default_credentials",
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
]
},
{
"id": "rf_hub",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
"children": [
{
"id": "key_fob_cloning",
"cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "can_injection_interaction",
"cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"id": "data_leakage_pull_encryption_mechanism",
"cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
{
"id": "unauthorized_access_turn_on",
"cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
},
{
"id": "roll_jam",
"cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
},
{
"id": "replay",
"cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
},
{
"id": "relay",
"cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
}
]
},
{
"id": "can",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
"children": [
{
"id": "injection_disallowed_messages",
"cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"id": "injection_dos",
"cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
}
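
Review bot: The `roll_jam`, `replay` and `relay` entries under `rf_hub` are all set to `AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N`; with C, I and A all None the CVSS v3 base score is 0.0, so these three categories map to no severity at all. If a successful attack is meant to count as unauthorized access to the vehicle, at least one impact metric needs a non-None value (for comparison, `unauthorized_access_turn_on` in the same block uses `I:L/A:L`). Separately, `pii_leakage` under `infotainment` carries `S:C/C:H/I:H/A:H`, the same impact as `code_execution_can_bus_pivot`; a data leak would normally score on confidentiality only, so it is worth confirming that `I:H/A:H` is intended there.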
130 changes: 127 additions & 3 deletions mappings/remediation_advice/remediation_advice.json
Expand Up @@ -1214,15 +1214,139 @@
"children": [
{
"id": "infotainment",
"remediation_advice": ""
"children": [
{
"id": "pii_leakage",
"remediation_advice": "Do not store PII such as call logs, text messages, and contact lists or names as plaintext in the infotainment system.",
"references": [
"https://www.prnewswire.com/news-releases/carsblues-vehicle-hack-exploits-vehicle-infotainment-systems-allowing-access-to-call-logs-text-messages-and-more-300751244.html"
]
},
{
"id": "code_execution_can_bus_pivot",
"remediation_advice": "Filter arbitrary commands and apply input validation to any media devices to prevent executing from the infotainment system. Make sure that the infotainment system is on a sandbox module and does not have direct interaction to the CANbus network.",
"references": [
"https://motherboard.vice.com/en_us/article/3kvw8y/researchers-hack-car-infotainment-system-and-find-sensitive-user-data-inside",
"https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/",
"http://illmatics.com/carhacking.html"
]
},
{
"id": "code_execution_no_can_bus_pivot",
"remediation_advice": "Filter arbitrary commands and apply input validation to any media devices to prevent executing from the infotainment system.",
"references": [
"https://motherboard.vice.com/en_us/article/3kvw8y/researchers-hack-car-infotainment-system-and-find-sensitive-user-data-inside",
"https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/",
"http://illmatics.com/carhacking.html"
]
},
{
"id": "unauthorized_access_to_services",
"remediation_advice": "Filter services that allow you to control the vehicle or infotainment system from being accessed by unauthorized users. Apply authentication mechanisms to certain endpoints.",
"references": [
"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/"
]
},
{
"id": "source_code_dump",
"remediation_advice": "Obfuscate the code and find creative ways to break disassemblers and debuggers.",
"references": [
"https://en.wikipedia.org/wiki/Security_through_obscurity",
"https://www.researchgate.net/publication/320859156_Source_Code_Vulnerabilities_in_IoT_Software_Systems"
]
},
{
"id": "dos_brick",
"remediation_advice": "Filter malicious payloads or string attacks. Apply rate limiting on the app level side.",
"references": [
"https://www.owasp.org/index.php/Application_Denial_of_Service",
"https://www.forbes.com/sites/leemathews/2017/04/10/a-malware-outbreak-is-bricking-insecure-iot-devices/#36603e4a29a3",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Denial_of_Service_Cheat_Sheet.md"
]
},
{
"id": "default_credentials",
"remediation_advice": "Do not ship infotainment systems with any configured accounts or with default and common usernames and passwords. Do not hard code any backdoor accounts or special access mechanisms.",
"references": [
"https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002)",
"https://www.owasp.org/index.php/Configuration#Default_passwords"
]
}
]
},
{
"id": "rf_hub",
"remediation_advice": ""
"children": [
{
"id": "key_fob_cloning",
"remediation_advice": "Implement key fob encryption.",
"references": [
"https://electronics.howstuffworks.com/gadgets/automotive/unlock-car-door-remote1.htm",
"https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/"
]
},
{
"id": "can_injection_interaction",
"remediation_advice": "Implement a secure gateway that prevents CAN Injection from the RF Hub.",
"references": [
"https://www.reddit.com/r/CarHacking/comments/73qs0x/chrysler_sgw_security_gateway/"
]
},
{
"id": "data_leakage_pull_encryption_mechanism",
"remediation_advice": "Inspect outgoing traffic from the RF Hub and make sure encryption mechanism cannot be extracted.",
"references": [
"https://www.networkworld.com/article/2284289/data-leak-prevention-and-encryption--tools-that-can-work-together.html"
]
},
{
"id": "unauthorized_access_turn_on",
"remediation_advice": ""
},
{
"id": "roll_jam",
"remediation_advice": "Update how rolling codes work in vehicles and do over-the-air update capabilities.",
"references": [
"https://makezine.com/2015/08/11/anatomy-of-the-rolljam-wireless-car-hack/"
]
},
{
"id": "replay",
"remediation_advice": "Block the transmission of unwanted radio signals and block all forms of the amplification attacks.",
"references": [
"https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/",
"https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/"
]
},
{
"id": "relay",
"remediation_advice": "Block the transmission of unwanted radio signals and block all forms of the amplification attacks.",
"references": [
"https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/",
"https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/"
]
}
]
},
{
"id": "can",
"remediation_advice": ""
"children": [
{
"id": "injection_disallowed_messages",
"remediation_advice": "Filter malicious CANbus requests or codes especially if not included in the DBC file by implementing a secure gateway.",
"references": [
"https://news.voyage.auto/an-introduction-to-the-can-bus-how-to-programmatically-control-a-car-f1b18be4f377"
]
},
{
"id": "injection_dos",
"remediation_advice": "Filter malicious CANbus requests or codes by implementing a secure gateway, as well as limit access to input ports (specifically OBD-II) on automobiles as pointed out by CERT.",
"references": [
"https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01",
"http://www.autoconnectedcar.com/2017/08/connect-car-can-bus-cant-handle-dos-hacksattacks-researchers-report-can-standard-can-be-changed/"
]
}
]
}
]
}
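
Review bot: `unauthorized_access_turn_on` under `rf_hub` is added with `"remediation_advice": ""` and no `references` array, so consumers get an empty string for a category that receives a CVSS vector in this same commit; either write the advice or hold the entry back until it exists. The `source_code_dump` text ("Obfuscate the code and find creative ways to break disassemblers and debuggers.") offers obfuscation as the only control while citing the Wikipedia article on security through obscurity; obfuscation slows analysis but does not stop a dump, so the advice should name a control that does or be worded as hardening. `replay` and `relay` also carry identical advice and references although they are separate categories, and "Block the transmission of unwanted radio signals" is not something a vehicle owner or manufacturer can act on as written; each entry should say what the receiver is expected to check.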