{"id":6928,"date":"2017-12-25T09:30:52","date_gmt":"2017-12-25T08:30:52","guid":{"rendered":"https:\/\/www.intellias.com\/?p=6928"},"modified":"2024-04-26T13:28:35","modified_gmt":"2024-04-26T11:28:35","slug":"assessing-security-car-head-unit","status":"publish","type":"post","link":"https:\/\/intellias.com\/assessing-security-car-head-unit\/","title":{"rendered":"Security Assessment of a Car Head Unit"},"content":{"rendered":"

Business challenge of a Fortune 500 company<\/h2>\n

Our client is a German auto manufacturer with annual sales totaling millions of cars across five continents. Managing multiple brands, the company produces a wide range of internal combustion engine and electric vehicles from motorcycles, family sedans, and SUVs to high-end sports cars, work vans, and light- and heavy-duty commercial vehicles. Our client has been a longtime member of the Fortune Global 500 list and has been steadily improving their ranking year over year.<\/p>\n

Modern cars are packed with high-tech gadgetry; they\u2019re really interconnected information systems on wheels. Engine controls, onboard diagnostics, active safety systems, infotainment systems \u2013 the average car nowadays has more computational capacity than the guidance system of the Apollo spacecraft. And with this complexity comes increased susceptibility to hacks and privacy breaches.<\/p>\n

With this in mind, our client wanted to perform a cybersecurity assessment of the infotainment system installed in their family car range. To that end, our client selected Intellias as their technology partner to determine overall susceptibility to intrusions into safety-critical car subsystems through insecure in-car data transmissions.<\/p>\n

Solution delivered<\/h2>\n

Given the high profile of the client, for this project we engaged experienced security experts and test engineers who each hold Certified Ethical Hacking (CEH) and Offensive Security Certified Professional (OSCP) certifications. Our team\u2019s primary task was to analyze requirements, build a strong automotive security testing strategy, and eliminate security threats to automotive CAN networks. The actual testing involved simulated attacks on a real car at our client\u2019s car testing site.<\/p>\n

Our team spent about one month on-site in Germany performing a series of tests. These tests focused on assessing the safety and security of certain parts of the in-car infotainment system. We paid particular attention to certain head unit services that operate wirelessly through proprietary mobile applications. As part of our testing, we attempted to break into the car\u2019s inner systems by intercepting and meddling with the traffic flow between a smartphone and the head unit.<\/p>\n

Our engineers also applied reverse engineering techniques to parts of the head unit software. As a result, we checked how internal head unit services worked and learned how to better build our security tests.<\/p>\n

Intellias performed the following security tests on a real car:<\/p>\n