Penetration Testing

Uncover critical cyber vulnerabilities and validate the final release before SOP

Karamba Security's Penetration Testing services enable automotive or IoT OEMs and Tier-1 suppliers to validate their product release before SOP. Karamba has embraced the continuous pen-testing approach as part of the shift-left practice, which recommends starting pen testing as early as the development stage. Karamba performs continuous, automated vulnerability scanning as part of the CI/CD pipeline. Testing can be carried out on premises or at Karamba's testing labs.

We pen-test images and interfaces at several levels: vehicle, subsystems, and component software, and satisfy cybersecurity regulations such as ISO/CSMS, UNR, and Chinese GB.

With expertise in embedded software development and security research techniques, and a track record of dozens of pen-testing projects, our team tailors the pen-testing plan to fit our client’s architecture and timeline, prioritizing safety and customer privacy (PII) issues in compliance with regulatory requirements.

Pen-testing Objectives and Scope

Karamba performs verification and validation tests to verify that cybersecurity mitigations are in place and are effective against hacking, and to confirm that the number of weaknesses and vulnerabilities in the release candidate is minimal. The work is documented and summarized in the required Work Products (WPs).

An End-to-End Pen-testing project ideally has a comprehensive scope, with coverage areas such as:

  • In-vehicle connectivity (CAN, LIN, Ethernet)
  • Firmware upgrade process
  • HSM + Key management
  • Secure Boot
  • Diagnostics
  • OS/BSW, VM, and external libraries

Pen-testing Methods

To meet the standards’ objectives while staying practical about cybersecurity testing, Karamba recommends the "Gray box" approach. This approach saves time, reduces budgets, and allows the pen testers to identify many more findings, faster, and with reasonable effort.

“Gray Box”

Karamba's researchers provide assistance to the external tester with documentation, images, and keys.

“Black Box”

Karamba can mimic the attack on the vehicle and provide a “status report” from an expert attacker's perspective.

“White Box”

The Karamba engineers perform testing based on extensive code review.

  • Stage 1 – Setup: The team examines all relevant documents, to understand the target system behavior and possible security focus areas. The testing environment is set up to simulate relevant attack scenarios. Karamba’s Custom Cybersecurity Lab setup is used whenever possible, to reduce costs and assure consistency among projects. The TARA process is used to prioritize findings and focus on critical issues.
  • Stage 2 – Fuzzing and Interface testing: Other important techniques include fuzzing, which sends invalid random data into the unit to make it crash and reveal bugs and flaws, and vulnerability assessment, which identifies any vulnerability in the image.
  • Stage 3 – Reverse engineering: Researching the actual binary image of the components provides a deep understanding of the interface testing results and can identify vulnerabilities in the implementation of the application or the security mitigations.
  • Stage 4 – Report and Presentation: Working closely with R&D teams through weekly status meetings, the researchers share findings as early as during the development stage. At the end of the project, Karamba’s team presents reports, guidance, and remediations best suited to the customer's needs.

The resulting findings report includes:

  • Approach and findings
  • Test methods and tools
  • Details of vulnerabilities found, with their severity
  • Reproduction instructions
  • Recommended fixes and improvements
  • Verification and validation evidence for the assessor

This report can then be submitted as part of the relevant standard format: for example, UN R155’s Work Products package.

Karamba Security's Pen testing is just one of our End-to-End Product Security Portfolio elements that enable our customers to discover, mitigate and manage security vulnerabilities in their products, ECUs and vehicle types. Karamba leverages automated tools and a cost-effective pragmatic approach, enabling customers to expedite their compliance with cybersecurity standards without slowing down innovation.



Karamba Security’s Pen Testing Services

Read about how the Karamba research team can find vulnerabilities in your system and provide recommendations for important mitigation steps and common practices your organization should adopt.
