Automotive Penetration testing

A modern vehicle contains dozens of electronic control units (ECUs) running well over 100 million lines of embedded code, offers a growing range of user-facing connectivity, and exchanges data over a complex in-vehicle network. As the automotive industry moves towards autonomous driving, Over-the-Air (OTA) updates and Software Defined Vehicles, the exposure of cars to cyber threats grows significantly. The consequences of a hacked car go well beyond inconvenience: they can include loss of life, reputational damage, compromised personal data and severe financial loss.

An ethical hacker is a person who uses their knowledge of systems to find and exploit vulnerabilities within agreed legal and ethical boundaries. The methodology they follow is called ethical hacking or penetration testing (pen testing for short). It strengthens cybersecurity by detecting and resolving weaknesses before malicious actors can exploit them.

UNECE WP.29 Regulation No. 155 (UN R155) requires OEMs to operate a Cybersecurity Management System (CSMS) that ensures the adequacy of the security measures in their vehicles. Penetration testing is one of the methods used to pinpoint system vulnerabilities and to demonstrate the effectiveness of the cybersecurity controls built into a vehicle, which supports both CSMS and vehicle cybersecurity type approval.

Process of Penetration testing:
An automotive penetration test can follow the Penetration Testing Execution Standard (PTES), which consists of seven steps.
1. Pre-Engagement:
In the Pre-Engagement step, the scope of the pen test is discussed with the customer and finalized. Stakeholder identification and collection of the documents that support a grey-box or white-box test are also part of this step.
2. Intelligence Gathering:
In the Intelligence Gathering step, all available information about the target under test is collected. Every feature of the target is studied using the documentation gathered and through discussion with the customer.
3. Threat Modelling:
In the Threat Modelling step, a recognised threat modelling methodology (e.g. STRIDE or TARA) is applied to the target. Asset identification, attack tree modelling, data flow diagrams, potential attack vectors and the feasibility of those vectors are investigated here; the result provides a solid basis for the vulnerability analysis and exploitation tests that follow.
4. Vulnerability Analysis:
In the Vulnerability Analysis step, the known flaws in the target's software and in the third-party components and tools it uses are identified. Each identified vulnerability is checked against public vulnerability databases (e.g. CVE/NVD) and its criticality is rated using its CVSS score. It is then investigated whether critical vulnerabilities can be fixed simply by updating the affected software or tool version. Whether or not such an update exists, the known vulnerabilities become targets of the exploitation in the next step.
5. Exploitation:
During the Exploitation step, actual attacks on the target are attempted, using the attack vectors identified during threat modelling to bypass its security controls. The known vulnerabilities are exploited, and the target is probed for previously unknown ones.
6. Post Exploitation:
During Post Exploitation, the tester attempts to keep persistent access to the compromised target, for example by planting a backdoor, and explores escalation of privileges up to root level.
7. Reporting:
In the Reporting step, all identified risks and vulnerabilities are reported together with the test methods, the test results and the tools used. An executive summary followed by a detailed technical report works best.

Key Areas of Penetration testing in Vehicles:
Penetration testing of a vehicle or its components can be subdivided into two parts: ECU exploitation and connectivity exploitation.

ECU Exploitation:
In ECU Exploitation, the ECU hardware, its firmware and application software, and the smart sensors and actuators attached to it are attacked. Through these tests the pen tester checks the ECU's resistance to read-out of hardware components, binary extraction, debugging, re-flashing of unauthorised software, and execution of malicious boot and application images. Specialised hardware and software tools are used for these tests.

Connectivity Exploitation:
In Connectivity Exploitation, the pen tester looks for vulnerabilities in both the in-vehicle network and the vehicle's external connectivity.

When attacking in-vehicle networks such as CAN, LIN or Automotive Ethernet, techniques such as fuzzing, denial of service (DoS) and authorization bypass are applied.
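As an added example (not code from the original article), the following Python shows the building blocks of the CAN fuzzing and denial-of-service tests mentioned above: it encodes frames in the Linux SocketCAN `struct can_frame` layout, derives mutated payloads from a seed frame, and applies the CAN arbitration rule (lowest identifier wins) that lets a flood of ID 0x000 frames starve legitimate traffic. The seed identifier 0x1A4 and its payload are constructed and do not correspond to any real signal map; transmission needs a Linux host with a (virtual) CAN interface and is shown in `send_frames` but not executed here.

```python
"""CAN frame encoding, mutation fuzzing and arbitration (constructed example)."""
import random
import socket
import struct

# Constants as defined in linux/can.h
CAN_EFF_FLAG = 0x80000000   # frame uses a 29-bit extended identifier
CAN_SFF_MASK = 0x000007FF   # 11-bit standard identifier mask
CAN_EFF_MASK = 0x1FFFFFFF   # 29-bit extended identifier mask
CAN_FRAME_FMT = "=IB3x8s"   # struct can_frame: can_id, len, 3 pad bytes, data[8]

# Constructed seed: a hypothetical periodic message, not a real OEM signal.
SEED_ID = 0x1A4
SEED_DATA = bytes.fromhex("003C1000FF0000A1")


def pack_can_frame(can_id, data, extended=False):
    """Encode a classic CAN frame as the 16-byte SocketCAN struct can_frame."""
    if len(data) > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    if extended:
        if can_id > CAN_EFF_MASK:
            raise ValueError("extended identifier exceeds 29 bits")
        can_id |= CAN_EFF_FLAG
    elif can_id > CAN_SFF_MASK:
        raise ValueError("standard identifier exceeds 11 bits")
    # struct pads the 8s field with zero bytes when data is shorter than 8.
    return struct.pack(CAN_FRAME_FMT, can_id, len(data), bytes(data))


def unpack_can_frame(raw):
    """Decode a struct can_frame into (identifier, extended, data)."""
    can_id, dlc, data = struct.unpack(CAN_FRAME_FMT, raw)
    extended = bool(can_id & CAN_EFF_FLAG)
    can_id &= CAN_EFF_MASK if extended else CAN_SFF_MASK
    return can_id, extended, data[:dlc]


def mutate_payload(seed_data, rng):
    """Apply one mutation: flip a bit, set a boundary value, or randomise a byte."""
    data = bytearray(seed_data)
    i = rng.randrange(len(data))
    strategy = rng.choice(("bitflip", "boundary", "random"))
    if strategy == "bitflip":
        data[i] ^= 1 << rng.randrange(8)
    elif strategy == "boundary":
        data[i] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    else:
        data[i] = rng.randrange(256)
    return bytes(data)


def fuzz_cases(seed_id, seed_data, count, seed=1):
    """Generate `count` fuzzed frames for one identifier, reproducible via `seed`."""
    rng = random.Random(seed)
    return [pack_can_frame(seed_id, mutate_payload(seed_data, rng)) for _ in range(count)]


def arbitration_winner(frames):
    """Return the frame that wins arbitration among simultaneous standard-ID frames.
    CAN resolves collisions bit by bit: a dominant 0 beats a recessive 1, so the
    lowest identifier always wins. Flooding ID 0x000 therefore starves every other node."""
    return min(frames, key=lambda f: unpack_can_frame(f)[0])


def send_frames(frames, interface="vcan0"):
    """Transmit frames on a SocketCAN interface (Linux only; not called in this example)."""
    with socket.socket(socket.AF_CAN, socket.SOCK_RAW, socket.CAN_RAW) as s:
        s.bind((interface,))
        for frame in frames:
            s.send(frame)


if __name__ == "__main__":
    for frame in fuzz_cases(SEED_ID, SEED_DATA, 5):
        can_id, _, data = unpack_can_frame(frame)
        print(f"{can_id:03X}#{data.hex().upper()}")
    dos = pack_can_frame(0x000, b"\x00" * 8)
    legit = pack_can_frame(SEED_ID, SEED_DATA)
    winner_id = unpack_can_frame(arbitration_winner([legit, dos]))[0]
    print(f"arbitration winner: {winner_id:03X}")
```

Because the seed is fixed, a fuzz run can be replayed exactly when an ECU misbehaves, which is what turns a crash into a reportable finding; the same frame encoder is what a monitoring tap would use to decode the bus while the flood of ID 0x000 frames is injected.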

When attacking external connectivity such as cellular, Wi-Fi, Bluetooth and the key fob, techniques such as evil twin attacks, sniffing, rogue access point setup, jamming, eavesdropping, brute-forcing and malicious code injection are applied.

Through penetration testing, OEMs, suppliers and developers can take a proactive approach to detecting and rectifying security vulnerabilities. This strengthens the vehicle's cybersecurity measures and thereby safeguards the safety and privacy of its occupants and of other road users.

Siri AB is a Sweden-based organization with expertise in Automotive, Telecom and IoT engineering. It can execute all types of penetration testing for automotive and other IoT applications, and it can also help your organization develop cybersecurity management according to ISO/SAE 21434 on the way to a Cybersecurity Management System (CSMS).

About the Author

Ishwara prasada S

Ishwaraprasada is the Head of Cyber Security Services at Siri AB, with several years of experience in the automotive domain. His areas of expertise include cyber security, functional safety, AUTOSAR, base software, battery management systems, vehicle charging standards, inverters and engine management.