Cloud Infrastructure

• The cloud backend is hosted on a major IaaS provider (e.g., AWS).
• Cloud regions and regulatory zones must be respected to ensure compliance with regional laws and regulations.
• Software Composition Analysis (SCA) tools are (or should be) implemented to monitor third-party components for vulnerabilities.

Vehicle Functionality

• Vehicles can be remotely blocked/unblocked through authenticated mobile commands.
• Autonomous driving functionality is disabled until critical software updates are successfully applied.
• There is no public marketplace for third-party vehicle upgrades; all updates are developed in-house.
• The vehicle is always the initiator of the OTA update process, with no capability for the cloud to initiate updates.
• Physical access to the vehicle is required to pair the mobile app with it.
• The OTA update process is digitally signed and validated before deployment.
• All critical autonomous vehicle decisions are made locally within the vehicle, not in the cloud.

Mobile App and Backend APIs

• While mobile app APIs are not public, they could potentially be reverse-engineered if not properly protected.
• We use modern development frameworks that implement secure-by-default controls.
• Access to the codebase is restricted, and all changes must undergo a thorough review process before being deployed.

Threat Modeling Process

• While general business threats (e.g., third-party library licensing breaches) are relevant, our focus is on threats specifically related to the autonomous vehicle industry.
• There may be resistance from developers when submitting threat reports; it’s important to frame these submissions in a blameless, constructive manner.