Replication Through Removable Media

Adversaries may exploit the use of removable media in vehicle systems to gain initial access and spread malicious content. In the context of vehicle cybersecurity, removable media such as USB drives are commonly used for updating in-vehicle infotainment (IVI) systems or transferring data. Adversaries may take advantage of this functionality to introduce malicious code or malware into the vehicle's network, potentially leading to system compromise and unauthorized access.By inserting a compromised USB drive into a vehicle's IVI system, adversaries can introduce malicious files or code that can be automatically executed by the vehicle's software. For example, adversaries may load a Virtual Contact File from the USB drive, which contains malicious content designed to exploit vulnerabilities in the IVI system. Additionally, adversaries may disguise malware as a legitimate software update and trick the IVI system into executing the malicious code from the USB drive, thereby gaining unauthorized access and compromising the vehicle's network. This technique allows adversaries to replicate and spread their malicious content across multiple vehicles by using removable media as a delivery mechanism for their attacks.

ID: T2009
Sub-techniques:  No sub-techniques
Tactic: Initial Access
Version: 1.0
Created: 03 December 2023
Last Modified: 03 December 2023
ATT&CK Reference:  T1091

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.