Cybersecurity is a paramount concern in vehicles since insufficient security puts lives at risk. It is critical to quantify risks and scoring vulnerabilities has proven to be a useful tool for traditional IT security to evaluate the criticality of vulnerabilities with respect to their risks. We present a methodology for adapting the proven CVSS scoring system to vehicles. This paper discusses the connected car environment and differences between vehicular security and traditional IT systems security. Following this discussion, we study publicly known vulnerabilities in vehicular security with the ultimate objective of quantifying them using the existing CVSS scale for IT systems. Equipped with the CVSS score, we are able to objectively comment on the impact of vehicular vulnerabilities and, ultimately, the need for architectural and add-on security upgrades for vehicles. We also propose a CVV naming system, based on CVE by MITRE, to assign unique identifiers to these vulnerabilities so that vehicular vulnerabilities can be efficiently tracked and studied. Finally, we draw inferences towards changing trends in vehicle security and address the question of whether vehicle hacking is mature enough to be an immediate threat for society.
9 photos · 19 views