Security Incident Reporting | Car Connectivity Consortium

Email

This field is for validation purposes and should be left unchanged.

Email(Required)

Phone Number(Required)

Vulnerability Description(Required)

Include vulnerability details and how to reproduce the issue.

Device/Phone

Describe the state of the device(s).

Describe the state of the device SE.

Vehicle

Describe the required level of access to the vehicle and its components.

Attack Result/Impact

What is the result of the attack (e.g. unauthorized memory read out, bypassing secure boot,…)?

Are there other impacts? Please specify.

Document/Specification

Title and Version of the Affected Document/Specification (if known)

Protocols

If yes, describe these potential vulnerabilities further.

Asset Name

Which asset is attacked (e.g. crypto algorithm, crypto data,…)?

Threat/Vulnerability

Specify the threat scenario (e.g. unauthorized door lock/unlock, engine start, reliable reduction of distance measurement, unauthorized data read out, unauthorized pairing of device, …).

Describe the vulnerability in detail (e.g. MITM, replay attack, relay attack, …).

Attack Window

Describe when such an attack can be executed.

Is the attack linked to a specific CCC flow: owner pairing, friend sharing, etc.?

Please provide a reference to the related section in a suitable CCC specification document.

How educated has the attacker to be (e.g. layman, specialist, developer, hacker,…)?

Tools

Is any specialized equipment or special SW required to conduct the attack?

Supporting Materials

Upload Attachments

Drop files here or

Accepted file types: jpg, gif, png, pdf, Max. file size: 256 MB, Max. files: 5.

Upload any files to support the Security Incident Report.

URL to Supporting Materials

CAPTCHA