Lock Your car - A Security Testing breach

                                          The basic amenities of automotive is no longer an expectation for the safety of drivers and passengers. It is a revolution that most promising consumer electronics are cars and not the ones in the living room. Just a remote key or a smart key to lock your car is not a stop to the security breach that could happen to the latest technology equipped cars, this is a little beyond our imagination where the probable could be of hacking even a vehicle’s ECU, infotainment and hence its acceleration or braking system itself. Pairing smartphones, Infotainment components, Telematics, aftermarket ECU mapping tools are all normal routine of the racing breed, which can contribute to security threats. Without a proper security testing for the future infotainment systems, all our information from personal to vehicle details can be of a major threat. This paper will discuss about the potential security threats, Security testing setup, Vulnerability analysis, case studies and some of the counter measures to evaluate such threats in automotive components.

Key words: Security, Automotive infotainment, Threats, Counter measures

 
2 favorite thumb_down thumb_up 0 comments visibility_off  Remove from Watchlist visibility  Add to Watchlist
 

Outline/structure of the Session

Introduction

Next gen cars and infotainment

  • What is connected car
  • How connected cars are a part of IOT

Security considerations for testing

  • Hardware

              Keyless attacks

  • Software

               Audio

  • Communication

                Bluetooth

                GPS attacks

Types of Security threats

  • Hardware/Software attacks
  • Mobile hacking
  • Remote attacks

How does it affects owners and Drivers?

What happens if it is hacked?

  • Trust to OEM
  • Loss of money/car
  • Damage to vehicle

Counter measures

  • How do we secure our hardware
  • As a tester
  • Network security

Attacks in Mobile apps Mind map

Testing considerations

  • Conformance testing
  • Penetration testing
  • Fuzz testing

Areas to test connected apps

  • Accessibility
  • Protecting Data
  • Connectivity/network
  • Fuzz mechanism

Vulnerability analysis and software design

Scenarios

  • Lock your car remotely
  • Know your personal timings
  • Mislead in direction

Real time attack scenarios

Takeaways

  • Absolute security is not possible
  • Trust no testing tool since no tool cover all threats
  • Threats are complicated so must be dev/tests

Learning Outcome

Importance of Security testing

Testing Setup

Testing methodologies

Target Audience

Testers, Test managers,hackers

schedule Submitted 1 year ago

Comments Subscribe to Comments

comment Comment on this Proposal