Penetration testing for Automotive

Secure your embedded systems from the inside out

Detect vulnerabilities and get structured, in-depth risk evaluation with penetration testing service.

Did you ever find yourself in this situation?

Security gaps can disrupt operations and expose systems to risk. If your organisation has experienced any of the following, it’s time to introduce proactive security measures: 

  • Thorough testing was not conducted by the client 
  • Unexpected project iterations emerged 
  • A client received a customer complaint and wanted to investigate 
  • Team allocation changes were preventing test execution 
  • There was an urgent need for rapid verification 

Leverage cybersecurity expertise

These days, security is not just a feature of your system. As part of our services, we design cybersecurity processes and analyse existing ones. We support the development of products according to up-to-date regulations and standards. 

ISO 21434/IEC 62443 software-level implementation

Meet the highest security benchmarks by embedding cybersecurity standards into software development, safeguarding systems against emerging threats. 

ISO 21434/IEC 62443 system-level support

Overcome complex system-level cybersecurity challenges with expert support. Seamlessly integrate advanced security protocols to maintain a resilient, compliant system architecture. 

Cybersecurity analysis (TARA/VA)

Identify and address security gaps with our advanced Threat and Risk Assessment (TARA) and Vulnerability Analysis (VA), turning potential weaknesses into strategic advantages. 

Residual risk reporting

Gain clear insights into cybersecurity risks with detailed reports, enabling informed decisions to enhance system protection. 

CSMS design and deployment

Develop a tailored Cyber Security Management System (CSMS) that adapts to your organisation’s unique security needs, safeguarding critical digital touchpoints. 

Software composition analysis (SCA)

Detect and remediate vulnerabilities in open-source and third-party components while ensuring compliance and robust supply chain security.

CI/CD cybersecurity test integration

Automate vulnerability detection and enforce compliance by embedding security testing into your CI/CD pipeline without disrupting development workflows. 

Fuzzing and penetration testing

Strengthen digital defences by simulating real-world cyberattacks using advanced fuzzing and penetration testing techniques. 

Technology sectors and expertise

Battery management system

Automotive

Automotive

Protecting vehicle systems, Electronic Control Units (ECUs), and advanced communication protocols is essential. Benefit from our expertise in CAN bus (including UDS), Ethernet (such as DoIP), and complex automotive networking to strengthen cybersecurity resilience.

Industry 4.0

Industry 4.0

Secure industrial automation, smart manufacturing systems, and Industrial Control Systems (ICS). Our advanced security measures protect Operational Technology (OT), OPC UA, PROFINET, and other critical protocols.

Regulation of AI in healthcare in 2024

Healthcare & Life Sciences

Healthcare & Life Sciences

Ensure the security of medical devices and healthcare systems with robust data transmission and interoperability solutions. Cybersecurity is mandated by regulations in key medical markets, and our expertise helps safeguard against evolving threats.

Defence and aerospace

Defense & Aerospace

Defense & Aerospace

Strengthen mission-critical networks, secure avionics, and encrypted communications. By complying with MIL-STD and DO standards, your organisation can achieve regulatory alignment and robust system security.

EU MDR and IVDR deadline extension: what you should know

Embedded systems

Embedded systems

Implement reliable security measures for the Internet of Things (IoT), medical devices, and industrial machinery with our expertise in embedded architectures and connectivity standards.

penetration testing

Communication interfaces

Communication interfaces

Enhance device interconnectivity with secure implementations of CAN bus, Ethernet, WiFi, and Bluetooth protocols.

procesor penetration testing

Operating system environments

Operating system environments

Maintain security across POSIX-compliant systems, Real-Time Operating Systems (RTOS), and Yocto Project-based platforms for flexible, efficient software development.

penetration testing

Enterprise solutions

Enterprise solutions

Develop scalable, high-performance backend infrastructures and web applications with a security-first approach, ensuring long-term protection.

Download a sample anonymised pentest UDS report

This report demonstrates the in-depth analysis and actionable insights we provide to help businesses like yours identify and resolve key challenges. 

UDS pentest report

Penetration testing approaches by Spyrosoft

01

Basic penetration testing

A structured cybersecurity assessment over 2–3 weeks focuses on: 

  • A standardised testing framework 
  • Covering 315 test positions 
  • A methodical, step-by-step evaluation 
  • Establishing core security benchmarks 
  • Identifying foundational vulnerabilities 
02

Advanced penetration testing

A sophisticated, research-driven approach spanning up to six months focuses on: 

  • Extensive cybersecurity research 
  • Development of innovative attack methods 
  • Expansion of basic testing techniques 
  • Identifying strategic security gaps 
  • Applying diverse attack strategies 

Penetration testing methodology

Spyrosoft’s proprietary method built on MITRE ATT&CK – a trusted, widely used framework for threat detection, defence, and incident response. 

edit_document

1. Information gathering

  • Systematic intelligence collection 
  • Environmental interviews
  • Open-source intelligence (OSINT) analysis 
search

2. Reconnaissance

  • Systematic interface scanning 
  • Network traffic interception and analysis 
  • Detailed operating system profiling 
checklist

Analysis and exploitation

  • Vulnerability identification and mapping 
  • Threat severity assessment 
  • Targeted device and system penetration testing 
list_alt

Reporting and remediation

  • Detailed documentation of findings 
  • Strategic mitigation recommendations 
  • Post-patch verification scanning 

Why choose Spyrosoft for cybersecurity?

Strengthen your defences against evolving threats 

Spyrosoft is your one-stop shop for all cybersecurity needs. Robust security measures and effective solutions ensure proactive defence against sophisticated attacks. 

Key benefits of our solutions 

  • Prevent system breaches before they occur 
  • Implement advanced access control mechanisms 
  • Safeguard critical infrastructure from cyber threats 

Trusted expertise 

With industry-leading certifications (ISO 21434, IEC 62443, ISO 27001) and proprietary testing methodologies, your organisation benefits from a security strategy that ensures compliance, operational integrity, and long-term resilience. 

Explore penetration testing reports

UDS protocol
01

Securing UDS protocol over the CAN bus interface

Penetration testing of a Gateway ECU revealed security flaws in UDS protocol implementation over the CAN bus. The assessment identified misconfigurations, weak authentication, and entropy weaknesses in random number generation. 

  • XCP interface was active and should be disabled 
  • Unauthenticated write access to specific DIDs required restriction 
  • Weak entropy in UDS random number generation posed a security risk 
02

Medical device security assessment

A surgical visualisation device penetration test revealed security gaps in UI, USB, WLAN, LAN, RFID, and Bluetooth interfaces. The assessment identified weaknesses in web infrastructure, access control, and input validation. 

  • Strengthen server-side controls to prevent reliance on client-side validation 
  • Improve API access controls to prevent unauthorised data exposure and privilege escalation 
  • Enhance input sanitisation to mitigate malicious input risks 
03

Vehicle datalogger security assessment

A penetration test of a vehicle datalogger uncovered critical security flaws in authentication, SSL certificate handling, and CAN bus communication, exposing risks of unauthorised access and system manipulation. 

  • The default root password was publicly available, requiring immediate removal 
  • SSL certificates were accepted without validation, enabling spoofing and TLS downgrade attacks 
  • CAN bus connection allowed potential DoS attacks and malicious signal injection 
01
Securing UDS protocol over the CAN bus interface
02
Medical device security assessment
03
Vehicle datalogger security assessment

Get a free penetration test report

Tomasz Lokietek

Tomasz Lokietek

Head of Embedded Functional Safety and Cybersecurity