• pentesting
• interfaces
• platform
• cybersecurity
• threat
• vulnerability
• attack-tree
• security
• automotive

Modern vehicles are increasingly computerized and interconnected as they have Electronic Control Units(ECUs) responsible for one or more features, and they make decisions by exchanging data with the other ECUs through the internal network and with the outside world. The development of information technologies in vehicles and the lack of adequate protection measures has caused an increase in computer accidents, particularly in recent years. In this thesis, we modeled and analyzed the automotive sub-systems containing the Wi-Fi, Ethernet, and TPMS interfaces to discover the threats and get an idea of the attacks to reach them. Then we described the normal functioning of the communication protocols used by the interfaces, how the attacks can be implemented to exploit the weaknesses, and the proposed countermeasures. We developed a platform to collect and launch attack scripts that reproduce attacks already present in the literature and novel attacks as well. To develop attack scripts for the TPMS interface, we reverse-engineered the proprietary communication protocol. The attack scripts allow an interactive and automatic execution of the steps when the user interaction is not required. Our platform highlighted vulnerability in Automotive and ICT devices because they have not security measures implemented. Attacks have been successful also in an evaluation board Ethernet interface suitable for automotive systems design. Car manufacturers can verify the vulnerabilities of the systems using our platform, and then provide adequate defenses.