Table 7.

A comparative overview of penetration testing in the surveyed literature.

Literature	Year	Attack Vector	Attack Type	Knowledge Level
Koscher [26]	2010	OBD, CAN, ECU	Sniffing, DoS, reverse engineering, unauthorized access, ECU tampering, injection attack	■
Miller [30]	2013	OBD, CAN, ECU	Sniffing, DoS, injection attack, diagnostic attack, firmware extraction/modification, ECU tampering, detecting attacks	■
Shoukry [31]	2013	ABS wheel speed sensors	Spoofing, tampering, injection attack	■
Woo [32]	2015	OBD, CAN, Mobile app, Bluetooth	Sniffing, DoS, replay attack, wireless attack, malicious app installation	■
Petit [33]	2015	Sensors	Blinding attack, jamming attack, replay attack relay attack, spoofing	■
Abbott-McCune [34]	2016	OBD, CAN	Sniffing, DoS, replay attack	■
Mazloom [27]	2016	IVI	Data extraction, reverse engineering, heap overflow attack, malicious code injection	■
Yan [28]	2016	Sensors	Jamming attack, spoofing	■
Nie [35]	2017	Wi-Fi, cellular, CAN	Privilege escalation, Unauthorized access, ECU tampering, reverse engineering, injection attack	■
Cheah [36]	2017	Bluetooth	Sniffing, DoS, data extraction, injection attack	■
Shin [29]	2017	Lidar	Channel attack	■
Milburn [37]	2018	CAN debug interfaces, ECU	Firmware extraction/modification, fault injection	■
Jeong [38]	2018	Keyless entry	Relay attack	■
Dürrwang [39]	2018	Airbag ECU	Diagnostic attack, signal tampering	■
Sommer [40]	2019	In-vehicle network	Eavesdropping, reverse engineering	■
He [41]	2020	GNSS	Spoofing, jamming attack	■
Zachos [42]	2020	OBD, CAN	Spoofing, diagnostic attack	■
He [43]	2020	OTA	Sniffing, DoS, spoofing, tampering, replay attack, unauthorized access, reverse engineering	■
Wen [44]	2020	Wireless OBD dongle	Spoofing, eavesdropping, injection attack	■
Ebert [16]	2021	Ethernet, IVI	DoS, spoofing, eavesdropping, malicious code injection	🞕

■ = Black box, 🞕 = Grey box.