Penetration Testing

Karamba Security's Penetration Testing services enable OEMs and Tier 1 suppliers to uncover critical cyber vulnerabilities and validate the final release before SOP. We pentest images and interfaces of the vehicle, subsystems, and component software levels, identifying and prioritizing weaknesses according to the ISO/SAE 21434 standard.

With a track record of dozens of pentesting projects, our team of experts identifies vulnerabilities and explains cyber-attack scenarios. After weaknesses are identified, our team prioritizes their fixes according to possible exploit impact and likelihood and then updates the TARA as needed.

To develop the required ISO/SAE 21434 Work Products (WP-10-05, WP-10-06, WP 10-07, WP-11-01) Karamba performs Verification and Validation tests:

• Verify that cybersecurity mitigations are in place as planned, and are actually effective against hacking!
• Confirm a minimized level of weaknesses and vulnerabilities in the release candidate, including design-level weaknesses (whether identified or not in the TARA).

Examples of the pentest scope that usually delivers the most value to the OEM and Tier 1 in addressing the standards expectations and reducing risk levels:

• Test in-vehicle connectivity (CAN, Lin, Ethernet)
• Firmware upgrade process
• HSM + Key management
• Secure Boot
• Diagnostics
• OS/BSW, VM, and external libraries

Karamba Security's Pentesting is just one of our End-to-End Product Security Portfolio elements that enable our customers to discover, mitigate and manage security vulnerabilities in their ECUs and vehicle types. Enabling customers to expedite their compliance with cybersecurity standards without slowing down innovation, Karamba leverages automated tools and a cost-effective pragmatic approach.