Automotive Penetration Testing

Automotive Penetration Testing is all about testing the technology is vehicles. Technology deployments are likely some of the most complex connected devices at the present time. The attack surface is immense. It covers aspects such as: The Internet, mobile, Bluetooth, custom RF protocols, DAB, media files imported over USB, remote diagnostics, telematics, mobile apps and many many more. The list goes on and every month the list seems to increase.

Benefits of Automotive Penetration Testing

At Hedgehog we believe that every business should benefit from a safe, connection world. With the rise of the connected vehicle, this can pose a challenge. Understanding the threats that might be launched from vehicle interfaces, remote network services, source code, in-vehicle data transmissions, or communications protocols is a specialist job. With extensive motorsport knowledge and experience, and access to testing facilities such as Bruntingthorpe, Donnington and Oulton Park, we are uniquely places to perform automotive penetration testing.

We have the ability, technology and knowledge to perform penetration testing on all layers of the telematics system, infotainment system, and mobile apps over the entire attack surface that they use to communicate, including Bluetooth, WLAN, and cellular phone networks (GSM).

Automotive Penetration Testing Quote

Use our online quote generation service to design and build your perfect automotive penetration test and receive a formal quote within hours, not days.

Automotive Security Challenges

Although automotive device manufacturers are starting to implement security controls, they are still a long way from finding a good level of security. It is you who is ultimately responsible for securing the vehicle. There re eight key areas we focus on:

Can Bus

Manipulating and tempering the CAN bus package and reverse engineering.

TCP/IP AND ETHERNET

Analyzing network connections inside the vehicle.

TCP OVER USB

Detecting remote attacks via network services.

IN-CAR DATA

Detecting insecure in-car data transmission channels.

INFOTAINMENT SYSTEMS

Detecting possible DoS attacks via in-car media systemsManipulating and tempering the CAN bus package and reverse engineering.

THIRD-PARTY SERVICES

Testing Android Auto, Apple CarPlay, MirrorLink, and Bluetooth.

2G/3G/4G

Investigating for cellular networks and potential threats. Manipulating and tempering the CAN bus package and reverse engineering.

HEAD UNIT SECURITY

Ensuring control of critical subsystems such as brakes and steering.

Threats for 2020

  • Unauthorised Access
  • Insecure Interfaces and API's
  • Misconfiguration
  • Account Hijacking
  • Data Leakage
  • Malicious Insiders
  • Malware

What we can test

Automotive Penetration Testing is an ever evolving specialist field. We do not claim to be test everything. We can test the following:

  • Wireless Communications Infrastructure or WCI
  • Vehicle Interface Block or VIB, including all network types and protocols used in the in-vehicle network, such as LIN, MOST, CAN, and Flexray.
  • Bluetooth, WiFi, and USB interfaces of the HU
  • WiFi communication between the HU and TCU
  • Static and dynamic code analysis of the connected car's mobile app
  • Over-the-air (OTA) updates between the vehicle and OEM backend

Why Hedgehog?

Our Automotive Penetration Testing team is already trusted by a number of large brands, including VAG, Porsche and Bentley. We conduct a significant amount of research especially around the Motorsports sector and take an active part in the British Touring Car Championship (BTCC), Ginetta GT4 Supercup and the British GT series.

If you would like to meet the team in a fun atmosphere, come and see us on one of our motorsport weekends.

Useful Resources

Here are some useful resources that might be of help:

Automotive Penetration Testing Fun

Mostly be we can, and we do. Here are some photos of our automotive penetration testing team in action.

Automotive Penetration Testing
canbus hacking - automotive penetration testing
Scroll to Top

Covid-19 Update

We Remain Open

At this present time we have taken all the relevant measures to ensure our team are safe. Until further notice all our “onsite” engagements will either be postponed or performed remotely via VPN or one of our appliances.

Please bear with us if we need to reschedule some of your work. As a collective, we are also volunteering our time to support the elderly and assist essential services.

Thank you for your patience and understanding.

Peter
CEO & Founder