• automotive
• cybersecurity
• penetration testing
• scapy
• threat analysis

The increasing intelligence and connectivity of vehicles have introduced unprecedented cybersecurity threats, ranging from privacy breaches to personal injuries. A comprehensive risk assessment of automotive cybersecurity is essential to address these challenges, and this study proposes a systematic methodology for assessing automotive cybersecurity risks. The framework includes an assessment process and
systematic methods that consider changes in the threat environment, evaluation targets, and available information throughout the vehicle lifecycle. Furthermore, the thesis led to developing a security assessment framework written in Python using Scapy to manipulate the CAN bus and more. Specifically, the thesis structure is as follows. Chapter 1 provides an overview of the history of the automotive threat landscape, together with a presentation of the thesis work and the internship company. Chapter 2 provides a background of the two big worlds of concern: cybersecurity
and automotive. Then, in Chapter 3, a presentation of the methodology and the
theory behind it is given. Chapter 4 focuses on the real-case scenario used to detail the security assessment methodology proposed. Finally, Chapter 5 lists the findings of the experiments and looks at some insights about the future of the automotive cybersecurity environment. Appendix A presents some details about the heavily exploited UDS protocol.