The client is one of the leading automobile manufacturers. They wanted to conduct security assessment for their web and mobile platform to provide the drivers with a convenient and easy to use interface to monitor and manage their car.
Being an automobile manufacturer, the system security of a new car was the top priority. The vehicle’s web and mobile platforms were designed to provide drivers with a convenient and easy-to-use interface to monitor and manage the car.
As far as the performance is concerned, the platform worked accurately. To prevent it from any outside interference, they wanted to uncover any unknown vulnerabilities that might put the driver or the vehicle at risk.
By focusing on the mobile application-programming interface, we tested a series of testing scenarios.
Using the credentials from a test account, we pivoted outside of an assigned environment and gained the control of other vehicles using Vehicle Identification Number.
By exploiting vulnerabilities discovered in hidden and undocumented interfaces, we were able to harness GPS, functions to locate cars, lock and unlock vehicles, and perform other malicious tasks.
We performed assisted remediation of the vulnerabilities found and corrected the loop holes.
With comprehensive evaluation of web and mobile, the company covered up the loopholes and errors that could have led to a major cyber-attack.