CONNECTED VEHICLE TESTING

Today’s vehicles are more complex and more connected than ever before. This results in a significantly increased attack surface and, for the typical vehicle, a weaker security posture. Vehicle security is now about more than just physical security and connected vehicle cyber security testing is a requirement for every manufacturer.

The impact for vehicle cyber security issues can be large and affect personal safety. Criminals are using increasingly sophisticated attacks to steal vehicles, compromise their systems, compromise privacy and safety, and more.

There are a large number of points of ingress for an attacker. Modern vehicles typically have USB connections, connected entertainment systems, advanced navigation capabilities, various wireless systems and more. This presents an opportunity to compromise a vehicle both locally and remotely. Further, most manufactures are now providing mobile applications that interact with the vehicle; both tracking and functional interaction is possible.

Request a free quote

CREST-CHECK-ASV-STAR-CBEST-

GDPR

Connected vehicles often measure and store telemetry which includes personal data. Mobile applications often have vehicle tracking capabilities. It is highly likely that such data will be in scope for GDPR, thus a connected vehicle breach could have significant repercussions.

Standards

There are currently no commonly accepted standards for vehicle cyber security.  This is likely to change, though.

Nettitude are closely following ISO 26262.  This standard is titled “Road Vehicles – Functional Safety” and applies to the functional safety of electric systems in production automobiles.  It is likely that version two of the standard, which is in development, will address the issue of cyber security.

Likewise, J3061 by SAE is a standard in development for cyber-physical vehicle systems which Nettitude consider to be a useful resource.

Between these work in progress standards and Nettitude’s own experience, it is possible to provide leading connected vehicle assurance services.

Connected vehicle cyber security services

Nettitude have a wealth of experience assessing the security posture of a connected vehicle.  Specifically, we will focus on:

  • Design flaws
  • Specification flaws
  • Implementation flaws

The approach will vary depending on the requirement, but we recommend including all components of the connected vehicle system, assessing:

  • Dynamic analysis, including fuzzing and manual probes
  • Static analysis, including code review and coding standard review
  • Unit testing, hardware testing, integration testing
  • Using a white box approach where maximum information sharing occurs

This mix of architectural, procedural and implementation reviews allows maximum levels of assurance. Nettitude have discovered critical vulnerabilities in connected vehicle systems and have worked with global automotive manufacturers for a number of years.