Adversaries may gain unauthorized access to in-vehicle systems by exploiting external remote services. These services, such as SSH servers or RPC servers, are exposed on the internet or intranet, providing a potential entry point for attackers to compromise vehicle networks.By abusing these external remote services, adversaries can execute commands, scripts, or binaries on the in-vehicle device. For example, they may manipulate accounts to maintain access or elevate their privileges within the vehicle's system. Additionally, adversaries can create new accounts to establish secondary access, allowing them to maintain a persistent presence without the need for continuous deployment of remote access tools on the vehicle.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.