Adversaries may gain access to vehicle systems through supply chain compromises, where they exploit vulnerabilities in the software or hardware provided by third-party suppliers. These compromises can have far-reaching consequences, as the supplier's products are used by multiple OEMs, potentially allowing adversaries to impact a wide range of vehicles.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.