Tactic: Disturbance

Technique: Replay Controller Traffic

A replay attack occurs when a cyber criminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. The added danger of replay attacks is that a hacker doesn't even need the advanced skills to decrypt a message after capturing it from the network. The attack could be successful simply by resending the whole thing.

Technique in practice

Video: Demo of a Replay attack
Video: Replay attack on a car

Mitigations

Such an attack can be mitigated by using "keys" in each message. Each key should only be valid for one message. With these keys, replaying a captured message would cause the key to be incorrect the second time the message is sent.

Another preventive technique is using timestamps on messages. This can limit the time the attacker has to eavesdrop, change the message and send it.

Detections

Detection can be done by constantly scanning for messages that are exactly the same.
The best way, however, is to use one of the mitigations above. Timestamps are the easiest, as you can clearly see stamps with the same time or even a much later time.
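
The one-time key and timestamp mitigations and the duplicate-message detection described above, combined in one receiver check. This is an added example, not code from the original page; the shared secret, the HMAC-SHA256 tag that binds key and timestamp to the command, the 2-second window and the message layout are all assumptions.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-key"  # assumption: pre-shared by controller and robot
MAX_AGE_S = 2.0                   # assumption: allowed clock skew plus network delay


def _mac(nonce: str, ts: str, command: bytes) -> str:
    """Tag binding the one-time key and timestamp to the command."""
    return hmac.new(SECRET, f"{nonce}|{ts}|".encode() + command, hashlib.sha256).hexdigest()


def make_message(command: bytes, now: float) -> dict:
    """Controller side: attach a one-time key (nonce), a timestamp and the tag."""
    nonce, ts = os.urandom(16).hex(), f"{now:.3f}"
    return {"nonce": nonce, "ts": ts, "cmd": command, "tag": _mac(nonce, ts, command)}


class Receiver:
    """Robot side: accept each authentic message once, inside the time window."""

    def __init__(self):
        self.seen = {}    # nonce -> timestamp, kept while still inside the window
        self.alerts = []  # detection log of (reason, nonce)

    def accept(self, msg: dict, now: float) -> str:
        if not hmac.compare_digest(_mac(msg["nonce"], msg["ts"], msg["cmd"]), msg["tag"]):
            return self._reject("bad_mac", msg)
        ts = float(msg["ts"])
        if abs(now - ts) > MAX_AGE_S:
            return self._reject("stale_timestamp", msg)
        # Drop nonces whose timestamp would already fail the window check.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE_S}
        if msg["nonce"] in self.seen:
            return self._reject("nonce_reused", msg)
        self.seen[msg["nonce"]] = ts
        return "accepted"

    def _reject(self, reason: str, msg: dict) -> str:
        self.alerts.append((reason, msg["nonce"]))
        return reason


if __name__ == "__main__":
    rx = Receiver()
    msg = make_message(b"MOVE 1.0 0.0", now=100.0)  # constructed sample command
    print(rx.accept(msg, 100.1), rx.accept(msg, 100.5), rx.accept(msg, 110.0))
```

The timestamp window bounds how long used keys have to be remembered, and every entry in `alerts` is a detection event for a resent or delayed message.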

Documented incidents with autonomous robots

No incidents known at the time of writing.

Documented incidents in other domains

List of all replay attacks in the CVE database - this ranges from industrial control solutions to cars