security partner<\/a> to ensure driver safety and privacy. With years of diverse experience in the automotive domain, Intellias was a good fit. Our client requested a series of security assessments and car penetration tests on their connected cars and the underlying ecosystem.<\/p>\nTechnology solution<\/h2>\n We kicked off this partnership with a series of requirements management workshops that involved our client\u2019s product teams and our own team, which was composed of a security architect and two car penetration testing engineers. These workshops yielded valuable input for threat modelling. We managed to identify a range of potential threat agents, vulnerabilities, at-risk information assets, and impacts of exploitation. Our testing gear included an actual car that we communicated with remotely.<\/p>\n
We mostly performed manual tests, as little could be automated with off-the-shelf solutions. We used automated testing for basic coverage, however, including to test insecure storage of sensitive data and leaks of personally identifiable information (PII). Manual testing covered the whole attack surface and included network analysis, web and mobile penetration testing, code analysis, and reverse engineering.<\/p>\n
We mimicked client-side attacks against smartphone apps (iOS and Android) and smartwatch apps (watchOS, Android Wear, and Tizen) to enable remote vehicle access, perform infotainment operations, and breach emergency services. In particular, our team set up dedicated infrastructure that allowed us to sniff Bluetooth traffic to ensure the security of smartwatch-smartphone communications.<\/p>\n
To perform automotive security penetration testing, our team simulated two types of attacks. To address parameter tampering vulnerabilities, we tried to manipulate client-server exchange data such as user credentials and permissions. To assess man-in-the-middle vulnerabilities, we attempted to intercept and alter communications between the client and server. We verified backend immunity using techniques including triggering of unhandled exceptions, SQL injection, and cross-site scripting (XSS).<\/p>\n
Each testing round resulted in a comprehensive report detailing identified vulnerabilities, reproduction scenarios, and recommendations for patching. After our client\u2019s development team fixed the reported security issues, we performed remediation testing to validate the fixes.<\/p>\n
We used the following industry-recognized guidelines and standards\u202fduring\u202fpenetration testing of automotive devices:\u202f<\/b>\u00a0<\/span><\/p>\n\nOWASP Top\u00a010\u00a0<\/span><\/li>\nOWASP Testing\u00a0Guide\u00a0v4\u00a0<\/span><\/li>\nOWASP Mobile\u00a0Security\u00a0Project\u00a0<\/span><\/li>\nOWASP Top\u00a010 Mobile\u00a0Risks\u00a0<\/span><\/li>\n<\/ul>\nBusiness impact<\/h2>\n Since 2014, we have gone through three rounds of car penetration testing, each triggered by new releases of connected car applications. The findings of these security tests have helped our client strengthen their connected car solutions in terms of safety, security, and privacy.<\/p>\n
We helped our client<\/b>\u00a0<\/span><\/p>\n\nIdentify critical\u00a0safety\u00a0issues such as two-factor authentication bypasses\u00a0and Bluetooth vulnerabilities\u00a0that\u00a0exposed\u00a0cars to remote attacks\u00a0\u00a0<\/span><\/li>\nDetect a\u00a0number\u00a0of\u00a0medium\u00a0security weaknesses, including\u00a0PII\u00a0leakage\u00a0in\u00a0the customer portal\u00a0and\u00a0insecure storage of credentials\u00a0<\/span><\/li>\nAcquire\u00a0complete\u00a0protection\u00a0for their connected car ecosystem\u00a0<\/span><\/li>\nGet a\u00a0permanent security partner\u00a0to\u00a0contribute\u00a0to\u00a0the\u00a0OEM development\u00a0process\u00a0<\/span><\/li>\nOffer more fun and innovation to\u00a0their\u00a0customers while keeping them\u00a0safe\u00a0<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"We helped our automotive client secure their IoT apps by detecting vulnerabilities <\/p>\n","protected":false},"author":6,"featured_media":49781,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[12,36],"acf":[],"yoast_head":"\n
Penetration Testing of Connected Car Apps | Intellias Case Study<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n \n \n \n \n\t \n\t \n\t \n