Automotive Security Assessment Overview

It takes special skills and expertise to thoroughly test a system as complex as an automobile – VDA has what it takes.

IOT (INTERNET OF THINGS) AND EMBEDDED SECURITY TESTING

Uncovering these deep security issues is more critical than ever, and VDA can help bring fuzz testing into your software security program to help discover issues and more.

Automotive Security Assessments

IOT And Embedded Systems Testing

Automotive Security Assessments

The automotive industry has officially entered the 21st century – but is it ready for 21st century threats?

Today’s average car has 100 microprocessors, 50 electronic control units, 5 miles of wiring, 100 million lines of code, and is connected to the internet. Yet, the security of automobiles is of highest priority because there is real potential for harm if it is not done right.

Although VDA Labs serves a variety of clients from across the globe, VDA was founded in Michigan – and Detroit (and the auto industry) is in our backyard. VDA’s team of experts is passionate about finding weaknesses in complex systems, and has the experience to pull it off.

WHY DOES AUTOMOTIVE INFORMATION SECURITY MATTER?

are a result of human error. In today’s digital world, effectively protecting your organization means ensuring that employees are properly trained.

Cars and trucks are becoming almost as reliant on code as they are on gasoline (or electricity), which means that the attack surface area that can be exploited is growing rapidly. Looking at a vehicle as a complete system, there may be as many as 6 different wireless interfaces alone which could lead to compromise: Cellular, WiFi, Bluetooth, Remote Key, Passive Key, and TPMS.

But that’s not all: the car is in some ways like an endpoint (laptop, etc) in a corporate network. It has apps, is connected to corporate infrastructure, and could be monitored and exploited in unexpected ways. Here’s a VDA prediction that may surprise you: the next big Auto breach we hear about is likely to come from connected infrastructure, rather than CAN bus messages.

icon 1_Automotive Industry

AUTOMOTIVE INDUSTRY

Knowledge of how to hack and secure the Controller Area Network (CAN bus) is important in automotive security, because that is how microcontrollers and devices communicate with each other.

icon 2_hardware and firmware

HARDWARE AND FIRMWARE INSPECTION

In automotive electronics, the electronic control unit (ECU) is any embedded system that controls one or more of the electrical system or subsystems in a vehicle. Each of these computers is on the CAN bus, and needs to be secure in design, implementation, and robust against attacks of all kinds.

icon 3_API and Web

API AND WEB SERVER SECURITY

It’s not just the applications that use the Internet to communicate data via standard HTTPS APIs (typically POSTs). VDA will review the webserver security, the code security, and the exposed APIs to be sure attackers will not find a way in here.

icon 4_Network

NETWORK PENETRATION TESTING

Because automotive is really an ecosystem of networked vehicles, web services, authenticated diagnostics, and more – it is important to have a penetration testing team that understands every part of today’s connected world. Very few firms offer a complete skill set: everything from penetesting, app review, reverse engineering, isolation escapes, to CAN testing – VDA has the skills to conduct a complete automotive penetration test.

INTERESTED IN AUTOMOTIVE CYBER SECURITY TESTING SERVICES?

 

We had VDA look at automotive devices and connected solutions. They knocked it out of the park.

Motor City Auto Maker

IOT And Embedded Systems Testing

Devices are connecting the world like never before – but their security risks are commonly overlooked.

Connected devices are everywhere. Homes, offices, even wearables – and those devices often talk to the cloud to enable many of the amazing features everyone has come to expect. But this greater connectedness increases cybersecurity and privacy concerns that need to be audited and addressed.

In the past hackers thought penetration testing IoT (Internet of Things) and Embedded devices was equivalent to hardware hacking: dump the ROM memory and reverse engineer the code looking for vulnerabilities. That may be part of the assessment, but we’ve found that it’s so much more. It’s everything. The corporate infrastructure, the APIs, the web and mobile apps, etc. It’s having a team that understands the whole ecosystem.

VDA Labs has an experienced and adaptable team of professionals. We look forward to helping you find and fix issues across the IoT and Embedded spaces.

IOT & EMBEDDED SYSTEMS

Embedded and IoT devices are everywhere, connecting the world like never before. These devices may appear simple on the surface – serving as simple input and output, such as a smart thermostat monitoring the temperature and controlling the heater, but they open up more attack surface area than meets the eye.

Poorly secured IoT devices have already proven to be threats – whether it’s a compromised router allowing an attacker to pivot into an otherwise secured network, or a IP camera that has become a part of a botnet used in a Denial of Service (DoS) attack, the security implications are serious.

It takes a special kind of team to be adaptable enough to conduct security assessments against infrastructure hardware one week and a consumer device the next. VDA Labs has a proven track record of doing just that.

EXPERIENCED WHERE IT COUNTS

Complete testing of IoT and embedded devices is more complicated than a normal penetration test for many reasons – mainly because there are less general-purpose tools (Metasploit, etc) to audit the often proprietry attack surfaces. VDA Labs has experience assessing security with:

  • Building controllers (smart buildings)
  • Machine and industrial control systems (ICS)
  • Connected consumer electronics devices
  • Networking hardware (including infrastructure)
  • Video surveillance and IP camera systems
  • SOHO
  • Home appliances
  • and more

INTERESTED IN IOT OR EMBEDDED SECURITY SERVICES?

SECURITY STARTS WITH OUR SOLUTIONS