Our client, one of the India’s biggest automotive brand, operates dozens of manufacturing units across Asia. Their production workforce has over 25k people. Our client’s vehicle range includes of every kind, size, and purpose. The automotive industry has seen a very limited innovative technologies. The IoT-based connected car is the one to consider. They were looking for a technology partner to get their mobile app tested and secure from possible hacks. With years of diverse experience in the cybersecurity domain, OrangeMantra was a good fit.
As a recognized brand, our client has developed an IoT-based mobile app for their passenger cars. But being operated in online mode, the connected cars is vulnerable to hacks. Our client searched for a reliable security partner to ensure driver safety and privacy. They need a series of security assessments and penetration tests on their connected car app.
We started our partnership with a series of requirements gathering workshops that involved key stakeholders. These workshops yielded valuable input for threat modelling. We identified different potential threat agents, vulnerabilities, and exploitation points. We performed both manual and automation tests, to identify loopholes and insecure storage of sensitive data.
To perform app security penetration testing, our team performed two types of attacks. We started with manipulation of the client-server exchange data consisting of credentials and permissions. To keep a check on the man-in-the-middle attack, we tried to intercept the client and server communication. Each testing round has a comprehensive report of identified vulnerabilities, and possible security patch.
Identified critical safety issues like two-factor authentication bypasses and other vulnerabilities that exposed connected cars to cyber-attacks. Detect several medium security weaknesses, consisting of data leakage in the customer portal and unsafe storage of credentials. Enjoyed complete protection for their connected car ecosystem. Offer more fun and innovation to their customers while keeping them safe.