Penetration testing is an attempt to breach security of a network or a system (ECU) to know the extent the system could tolerate real world attack patterns, level of ability attacker needs to have to compromise the system, additional countermeasures required to make the system secure.
Penetration testing done in two ways:
- After security assessment; to validate the identified threats and vulnerabilities, in which tester is aware of actual weaknesses of the system
- Black-box or Grey-box testing in which tester may not be aware about the system
Penetration test is an authorized and a continual process to verify if application, network or systems are not vulnerable to security risks and the resources are not compromised. Penetration test does not represent a full security audit as it is just an attempt to breach security of a network or a system and such tests only represent a snapshot of a system at a moment of time.
Following are the different attach vectors developed by KPIT to compromise specific interfaces:
Attack Vectors Developed |
Interfaces Compromise |
| Scanning and enumeration | Bluetooth, Wi-Fi, USB |
| Compromise of credentials | Bluetooth, Wi-Fi |
| Escalation of privileges | Bluetooth, Wi-Fi, CAN |
| CAN message parsing and CAN Id identification (Black Box) | KANN |
| Reply messages | KANN |
| Denial of Service | KANN |
| Remote DoS | KANN |
| Low level memory access | ECU |
| Reverse engineering seed-key-response algorithm | ECU |
