An Overview of Social Engineering

Social engineering preys on the fact that humans are the weakest link in information security. This article explains the social engineering model, outlines the two categories of social engineering attacks, and discusses techniques for preventing and mitigating social engineering.

3. Social Engineering Attacks

3.4. Baiting Attacks

Baiting attacks, also called road apples, are phishing attacks that invite users to click on a link to get free stuff. They act like Trojan horses: the attack exploits unsecured computer materials, such as storage media or USB drives containing malware, left in a coffee shop to be found by victims. When a victim plugs the USB drive into a computer, the drive acts like a real-world Trojan horse and attacks the computer. The attack performs malicious actions in the background without the victim noticing.

In "A social engineering attack to leak information from infotainment system", the authors describe a baiting attack named controller area network (CANDY), which is launched as a Trojan horse in the infotainment system of automotive systems. This attack impacts the security capabilities of the vehicle by manipulating the communication between the driver and the vehicle. It is performed by recording the driver’s voice, which lets the attacker remotely access the victim’s vehicle via a back door, collect information about the vehicle circulation, and control the operation of the vehicle.