The automotive industry is using networks to connect together devices and microcontrollers inside vehicles. These networks may utilize, for example, CANbus, Ethernet, and the like.
On such networks, some nodes can control physical components through actuators or other means, while other nodes only need to receive sensor feedback and possibly present this information to end users. Examples of nodes in such a networked automotive environment potentially include: engine control unit, battery control unit, transmission control unit, air bag control unit, in car entertainment system and the like.
This heterogeneous environment can create serious security risks. A malicious party may potentially compromise one of these components by using one of the external interfaces exposed by the vehicle. Once such a component is compromised, an attacker can use it as a stepping stone to other attack components. An attacker can thus compromise critical vehicle components such as the locking system, the braking system and the engine.
By compromising critical vehicle components, an attacker can potentially steal the car, cause serious damage to the car or its surroundings and even cause serious injury or death.