Penetration Testing of Connected Car Mobile Apps

Business Challenges

As a recognized brand, our client has developed an IoT-based mobile app for their passenger cars. But being operated in online mode, the connected cars is vulnerable to hacks. Our client searched for a reliable security partner to ensure driver safety and privacy. They need a series of security assessments and penetration tests on their connected car app.

Technology Solution

We started our partnership with a series of requirements gathering workshops that involved key stakeholders. These workshops yielded valuable input for threat modelling. We identified different potential threat agents, vulnerabilities, and exploitation points. We performed both manual and automation tests, to identify loopholes and insecure storage of sensitive data.

To perform app security penetration testing, our team performed two types of attacks. We started with manipulation of the client-server exchange data consisting of credentials and permissions. To keep a check on the man-in-the-middle attack, we tried to intercept the client and server communication. Each testing round has a comprehensive report of identified vulnerabilities, and possible security patch.

Value Delivered

Identified critical safety issues like two-factor authentication bypasses and other vulnerabilities that exposed connected cars to cyber-attacks. Detect several medium security weaknesses, consisting of data leakage in the customer portal and unsafe storage of credentials. Enjoyed complete protection for their connected car ecosystem. Offer more fun and innovation to their customers while keeping them safe.