Penetration testing is an attempt to breach security of a network or a system (ECU) to know the extent the system could tolerate real world attack patterns, level of ability attacker needs to have to compromise the system, additional countermeasures required to make the system secure.
Penetration test is an authorized and a continual process to verify if application, network or systems are not vulnerable to security risks and the resources are not compromised. Penetration test does not represent a full security audit as it is just an attempt to breach security of a network or a system and such tests only represent a snapshot of a system at a moment of time.
Following are the different attach vectors developed by KPIT to compromise specific interfaces:
Attack Vectors Developed
|Scanning and enumeration||Bluetooth, Wi-Fi, USB|
|Compromise of credentials||Bluetooth, Wi-Fi|
|Escalation of privileges||Bluetooth, Wi-Fi, CAN|
|CAN message parsing and CAN Id identification (Black Box)||KANN|
|Denial of Service||KANN|
|Low level memory access||ECU|
|Reverse engineering seed-key-response algorithm||ECU|