Automotive penetration test

hardware testing

The advancing process of digitalization does not stop at the automotive world.

The increasing number of ECUs in automobiles, as well as the greater networking of vehicles (C2X), also increases the risk of unauthorized access and manipulation of safety-critical systems.

Particularly nowadays, vehicles are networked in numerous ways, both internally and externally. For example, navigation devices access information in the CAN bus and simultaneously offer external access via interfaces such as Bluetooth, WLAN or LTE. But even the mandatory OBD-II interface represents a significant attack vector. One example of the manipulation of automotive control units is the trend towards so-called “map optimization”.
However, advanced knowledge can also make use of information transmitted via the CAN bus to manipulate a wide variety of vehicle functions or to use it for function enhancement. The in-depth networking of a wide range of control units in the vehicle enables pioneering features such as autonomous driving, cruise control systems or even improved navigation.

A clear and present threat

The manipulation of control units is therefore a clear and present threat to car drivers, workshops, suppliers and the car manufacturers. Be it a change in mileage, a potential increase in performance or even the manipulation of parameters on the CAN bus.

Testing focus:

  • Testing according to ISO/SAE 21434 Automotive Cybersecurity Standard
  • Bus Protocols
    • CAN
    • LIN
    • Ethernet
  • Reverse engineering of the CAN bus
    • Packet Analysis
    • Fuzzing
  • Testing the connection of the CAN buses (bridges)
    • Connection of Infotainment Unit to Engine Controlling Unit
  • Infotainment system
    • Attacks via the update system
    • Check for known vulnerabilities
  • Mobile app communication
  • Interface testing
    • ODB-II
    • Bluetooth
    • Keyless Go
    • GPS
    • WiFi
    • Mobile connection
    • Cameras
    • Sensors
  • ECUs and other embedded systems
    • Check for known vulnerabilities
    • Code Analysis
    • Brute-Forcing with Power-Analysis
    • Fault Injection
  • Key tests
    • Jamming
    • Brute-Forcing
    • Forward Prediction
  • Vehicle-to-Vehicle and Vehicle-to-Infrastructure Communication

Procedure of the tests

During the initial meeting, we get to know you and your company better. In the second round of the meeting, we discuss the next steps together with all decision-makers. The methodology of penetration testing to be applied is determined.

Once the penetration test has identified possible attack vectors and determined their probability of occurrence and the extent of damage, we present the results to you in a final report.

This includes a management summary, a detailed description of the inherent risks, and a proof of concept so that you can track the vulnerabilities internally with your own IT experts.

At the heart of the documentation are the comprehensive recommendations for action, which you can use to carry out independent remediation of the weak points in a simple and comprehensible manner.

Independently of a free debriefing to clarify open questions or ambiguities, we are also happy to provide you with a confirmation of the successful execution of a penetration test upon request. You can use this as proof for customers and business partners.

 

 

The final report contains the following components:

  • Project frame data (project name, contact person, test period, scope)
  • Management summary
  • Description of the approach and methods used
  • Summary and assessment of the identified vulnerabilities with regard to their criminality (incl. naming of CVSS values and CVE entries) as well as technical proof of concept
  • Detailed technical description of the identified vulnerabilities / inherent risks.
  • Recommendation of measures to eliminate the vulnerability as well as listing of all vulnerabilities in tabular form (Excel).

Your contact

You can always reach us personally. Because loyalty based on partnership is far more important to us than short-term success.

Philipp Kalweit

Philipp Kalweit

Managing Partner

 

+49 40 285 301 257

hello@kalwe.it

Philipp Kalweit is an experienced IT security consultant on the topics of security awareness and offensive IT auditing. For the past six years, he has been advising and auditing clients from the SME and group environment, in particular ECB and BaFin-regulated organizations as well as groups in the retail sector. His consulting focus is on holistic IT security. He was honored for his work in 2019 by DIE ZEIT as “Hamburger of the Month” and in the same year was included in the Forbes “30 under 30 DACH” list.