Penetration testing is an attempt to breach security of a network or a system (ECU) to know the extent the system could tolerate real world attack patterns, level of ability attacker needs to have to compromise the system, additional countermeasures required to make the system secure.

Penetration testing done in two ways:

  • After security assessment; to validate the identified threats and vulnerabilities, in which tester is aware of actual weaknesses of the system
  • Black-box or Grey-box testing in which tester may not be aware about the system



Penetration test is an authorized and a continual process to verify if application, network or systems are not vulnerable to security risks and the resources are not compromised. Penetration test does not represent a full security audit as it is just an attempt to breach security of a network or a system and such tests only represent a snapshot of a system at a moment of time.
Following are the different attach vectors developed by KPIT to compromise specific interfaces:

Attack Vectors Developed

Interfaces Compromise

Scanning and enumeration Bluetooth, Wi-Fi, USB
Compromise of credentials Bluetooth, Wi-Fi
Escalation of privileges Bluetooth, Wi-Fi, CAN
CAN message parsing and CAN Id identification (Black Box) KANN
Reply messages KANN
Denial of Service KANN
Remote DoS KANN
Low level memory access ECU
Reverse engineering seed-key-response algorithm ECU