Which of the following attack vectors is the vulnerability MOST likely targeting?

An IT security analyst has received an email alert regarding vulnerability within the new fleet of vehicles the company recently purchased.

Which of the following attack vectors is the vulnerability MOST likely targeting?
A . SCADA
B . CAN bus
C . Modbus
D . loT

View Answer

Answer: B

Explanation:

CAN bus (Controller Area Network) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other’s applications without a host computer1. CAN bus is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. CAN bus enables each device to send and receive data on a shared network, reducing the need for complex wiring and increasing reliability and performance. CAN bus is one of the five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. A vulnerability within the new fleet of vehicles that the company recently purchased is most likely targeting CAN bus, as it is a common and critical communication system in modern vehicles. An attacker could exploit a vulnerability in CAN bus to compromise or manipulate various vehicle functions or systems, such as braking, steering, engine control, airbags, etc. SCADA (A) stands for Supervisory Control And Data Acquisition, which is a system that monitors and controls industrial processes or infrastructure2. SCADA is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles. Modbus © is a serial communications protocol that connects industrial electronic devices3. Modbus is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles. IoT (D) stands for Internet of Things, which is a network of physical objects that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the internet. IoT is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles.

References:

1: https://www.techopedia.com/definition/24771/technical-controls

2: https://www.techopedia.com/definition/25888/security-development-lifecycle-sdl

3: https://www.techopedia.com/definition/31686/resource-exhaustion: https://www.techopedia.com/definition/13493/penetration-testing