Uncover critical cyber vulnerabilities and validate the final release before SOP
Karamba Security's Penetration Testing services enable automotive or IoT OEMs and Tier-1 suppliers to validate their product release before SOP. Karamba has embraced the continuous pen-testing approach as part of the shift-left practice, which recommends starting pen testing as early as the development stage. Karamba performs continuous, automated vulnerability scanning as part of the CI/CD pipeline. Testing can be carried out on premises or at Karamba's testing labs.
We pen-test images and interfaces at several levels: vehicle, subsystems, and component software, and satisfy cybersecurity regulations such as ISO/CSMS, UNR, and Chinese GB.
With expertise in embedded software development and security research techniques, and a track record of dozens of pen-testing projects, our team tailors the pen-testing plan to fit our client’s architecture and timeline, prioritizing safety and customer privacy (PII) issues in line with regulatory requirements.
Pen-testing Objectives and Scope
Karamba performs verification and validation tests to verify that cybersecurity mitigations are in place and are effective against hacking, and to confirm that the number of weaknesses and vulnerabilities in the release candidate is minimal. The work is documented and summarized in the required Work Products (WPs).
An end-to-end pen-testing project ideally has a comprehensive scope, with coverage areas such as:
- In-vehicle connectivity (CAN, LIN, Ethernet)
- Firmware upgrade process
- HSM + Key management
- Secure Boot
- OS/BSW, VM, and external libraries
To meet the standards’ objectives while staying practical about cybersecurity testing, Karamba recommends using the "gray box" approach. This approach saves time, reduces budgets, and allows the pen testers to identify many more findings, faster and with reasonable effort.
- Stage 1 – Setup: The team examines all relevant documents, to understand the target system behavior and possible security focus areas. The testing environment is set up to simulate relevant attack scenarios. Karamba’s Custom Cybersecurity Lab setup is used whenever possible, to reduce costs and assure consistency among projects. The TARA process is used to prioritize findings and focus on critical issues.
- Stage 2 – Fuzzing and Interface testing: Important techniques include fuzzing, which sends invalid random data into the unit to cause crashes that reveal bugs, and vulnerability assessment, which identifies vulnerabilities in the image.
- Stage 3 – Reverse engineering: Researching the actual binary image of the components provides a deep understanding of the interface testing results and can identify vulnerabilities in the implementation of the application or the security mitigations.
- Stage 4 – Report and Presentation: Working closely with R&D teams through weekly status meetings, the researchers share findings as early as during the development stage. At the end of the project, Karamba’s team presents reports, guidance, and remediations best suited to the customer's needs.
The resulting findings report includes:
- Approach and findings
- Test methods and tools
- Details of vulnerabilities found, with their severity
- Reproduction instructions
- Recommended fixes and improvements
- Verification and validation evidence for the assessor
This report can then be submitted as part of the relevant standard format: for example, UN R155’s Work Products package.
Karamba Security's Pen testing is just one of our End-to-End Product Security Portfolio elements that enable our customers to discover, mitigate and manage security vulnerabilities in their products, ECUs and vehicle types. Karamba leverages automated tools and a cost-effective pragmatic approach, enabling customers to expedite their compliance with cybersecurity standards without slowing down innovation.
To date, we've successfully completed two penetration testing projects with Karamba. In both cases, the researched systems contained several components (RTOS, Linux, Windows) and various communication protocols (Wi-Fi, Bluetooth, LAN). Overall, we were highly satisfied with Karamba's pen-testing process and delivered results. Karamba's process was delivered on time and was thorough, yielding significant security findings. Consequently, they allowed us to harden the cybersecurity of those products, improving the overall safety, quality, and value of our products to our customers.
Iftach Recht, System Engineering and Cybersecurity Manager (Stanley Healthcare Services, Stanley Black & Decker)
Our Tier 1 customer was developing a new automotive ECU in response to an OEM RFQ. The product needed to support Ethernet communication, and the timeline was very tight. With no set-up time, Karamba Research & Consulting was able to analyze the product capabilities and identify the possible security issues. Most importantly, the Karamba Research team determined how to mitigate the security risks in the ECU. They provided the customer with a comprehensive report, detailing threat scenarios and their security recommendations. The Karamba team also worked with the customer throughout the RFQ process to support interactions with the OEM.
Threat Assessment Use Case