Security Testing – Infotainment System

Case Studies Arun R M today24th April 2019 144 162 4

Background
share close

👉 VAPT of InVehicle Infotainment system
👉 Validating Network Communication for Media
👉 Fuzzing of CAN Interface


SCOPE

✔️ Conduct Penetration Test for Media services on EthernetAVB
✔️ Perform Fuzzing on CAN Interface (WhiteBox)
✔️ Validate VLAN, WiFi, BLE and IPSec Implementation


TESTING SERVICES

✔️ Perform Penetration Testing on Network and WebApplication (Manually & Automatically)
✔️ Perform Fuzzing on CAN Interface
✔️ Validate BLE, WiFi and IPSec Implementation
✔️ Fingerprint and Assess EthernetAVB service
✔️ Provide Detail Summary of Vulnerabilities identified
✔️ Assess Firmware of ECU for Vulnerabilities.


KEY ACHIEVEMENTS

Interesting Vulnerabilities have been identified using assessment across multiple interfaces and Provided Countermeasures


Sample Vulnerabilities

check Sensitive Data over Telnet service

check Denial of Service in BLE

check Unwanted Software's exists in Firmware

check UART user exposure while brute forcing

check KRACK Issue in WiFi interface

check CAN Stack – Random Overflows

check Reveal Credentials while Firmware Analysis

check Authentication Missing in LAN Web Interface

check Insecure Configurations of Network Services


Standards followed

SANS, NIST, OWASP IoT

US-CERT

Written by: Arun R M

Tagged as: , , , , , .

Rate it

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *

Open chat
1
Hello👋

Welcome to Cynorsense

How can we help you?