Adversaries may exploit Electronic Control Units (ECUs) to perform lateral movement within a vehicle's network. ECUs are specialized embedded systems that control various functions within modern vehicles, such as engine management, airbags, and braking systems. By gaining access to one ECU, adversaries can potentially compromise the integrity of the vehicle's network and manipulate other connected ECUs.Adversaries may leveraging existing vulnerabilities in ECUs. For instance, an adversary might first compromise an infotainment system connected to the internet and then move laterally to more sensitive ECUs like those related to steering or braking. This technique may require specialized knowledge of the vehicle's network architecture and the communication protocols used, such as CAN bus, LIN, or FlexRay.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.