AUTOMOTIVE & VEHICLE SECURITY

Home > Hardware Assessments > Automotive & Vehicle Security
The automotive industry has officially entered the 21st century – but is it ready for 21st century threats?
Today’s average car has 100 microprocessors, 50 electronic control units, 5 miles of wiring, 100 million lines of code, and is connected to the internet. Yet, the security of automobiles is of highest priority because there is real potential for harm if it is not done right.

Although VDA Labs serves a variety of clients from across the globe, VDA was founded in Michigan – and Detroit (and the auto industry) is in our backyard. VDA’s team of experts is passionate about finding weaknesses in complex systems, and has the experience to pull it off.

Why does automotive information security matter?

Cars and trucks are becoming almost as reliant on code as they are on gasoline (or electricity), which means that the attack surface area that can be exploited is growing rapidly. Looking at a vehicle as a complete system, there may be as many as 6 different wireless interfaces alone which could lead to compromise: Cellular, WiFi, Bluetooth, Remote Key, Passive Key, and TPMS.

But that’s not all: the car is in some ways like an endpoint (laptop, etc) in a corporate network. It has apps, is connected to corporate infrastructure, and could be monitored and exploited in unexpected ways. Here’s a VDA prediction that may surprise you: the next big Auto breach we hear about is likely to come from connected infrastructure, rather than CAN bus messages.

AUTOMOTIVE INDUSTRY
Knowledge of how to hack and secure the Controller Area Network (CAN bus) is important in automotive security, because that is how microcontrollers and devices communicate with each other.
HARDWARE AND FIRMWARE INSPECTION
In automotive electronics, the electronic control unit (ECU) is any embedded system that controls one or more of the electrical system or subsystems in a vehicle. Each of these computers is on the CAN bus, and needs to be secure in design, implementation, and robust against attacks of all kinds.
OPERATING SYSTEM AND APPLICATION SECURITY
The head unit is increasing becoming the central piece of technology in today’s smart cars. From the OS, to each of the interfaces and applications it exposes, the head unit needs to be as secure as possible. A breach here could be fatal if not properly isolated and monitored for threats.
API AND WEB SERVER SECURITY
It’s not just the applications that use the Internet to communicate data via standard HTTPS APIs (typically POSTs). VDA will review the webserver security, the code security, and the exposed APIs to be sure attackers will not find a way in here.
NETWORK PENETRATION TESTING
Because automotive is really an ecosystem of networked vehicles, web services, authenticated diagnostics, and more – it is important to have a penetration testing team that understands every part of today’s connected world. Very few firms offer a complete skill set: everything from penetesting, app review, reverse engineering, isolation escapes, to CAN testing – VDA has the skills to conduct a complete automotive penetration test.
Overview
Automotive Security Assessments

IOT and Embedded Systems Testing

INTERESTED IN AUTOMOTIVE CYBER SECURITY TESTING SERVICES?

Contact Us Now!
We had VDA look at automotive devices and connected solutions. They knocked it out of the park.
Motor City Auto Maker