Car pentesting growing in importance as autos become more connected

As the automotive industry becomes more and more tech-centric, it needs to make sure connected cars are secure. That’s made penetration testing, or pentesting, a major factor in how the electronic control units (ECUs) in new cars are made airtight against hackers.

New world. As IT Brew reported in February, the changing tech is offering opportunities for hackers to get inside your dashboard.

“It’s kind of a complicated technology—so in the future, you’re going to see vulnerabilities,” Yuga Labs Staff Security Engineer Sam Curry told IT Brew at the time.

Roman Lysecky, founder and CTO of IoT monitoring company BG Networks, wrote about the new state of play in a June 7 column for Embedded Computing Design.

“Without penetration testing, it is impossible to know if a device is truly secure,” Lysecky wrote. “No one would consider releasing an automotive ECU without extensive testing of core features for functionality and safety.”

Cash money. Lysecky argued that the high number of devices that need to be secure and the relatively limited number of pentesters who can provide service are combining to drive up prices at a time when the industry can ill afford it.

That means remote testing options, like BG’s new CRATE system, will  increase in importance. BG isn’t the only company offering automotive pentesting. ETAS, a Bosch subsidiary, is also selling the service.

“Overcoming these challenges requires specialized skills and expertise in automotive ECU security testing, as well as a thorough understanding of the unique characteristics of automotive systems,” Lysecky wrote. “Pentesters must be able to work with a wide range of tools and techniques to identify vulnerabilities and provide recommendations for remediation.”