Penetration Testing: Beating Hackers to the Chase Through Offensive Security

As a basic rule of any defense system, knowledge of the opponent is imperative. In The Art of War, Sun Tzu states that “He who knows his enemy and knows himself need not fear the result of a hundred battles.” The wisdom behind these words undoubtedly applies to defense in the cyber realm as well. Hackers trained to exploit and break into a system think in entirely different ways from a system engineer, programming a cyber-security system. Given that someone with that set of skills is the most likely party to break through one’s cyber-defense, would a complete defense strategy be complete without the hacker’s perspective?

This reality is what spurs the penetration testing industry – an amplification of cyber defense based on offensive defense. By employing professional hackers to intrude upon one’s system, companies have the opportunity to discover weaknesses in their security in a controlled environment well in advance of product finalization. Defects discovered after deployment of a product can lead to expensive recalls if they can’t be remotely patched. In areas as heavily regulated as the automotive industry, heavy penalties can be incurred and the damage to the affected brand’s reputation may persist for years.

As new connectivity platforms get added to vehicles, the previously isolated internal networks become exposed to a sea of threats, many of which have never been explored in an automotive environment. The marriage between resource-constrained, streamlined ECU designed to only perform a limited number of tasks to the dynamic environment that is long-range wireless communications has brought about large numbers of unforeseeable data vulnerabilities. This has fueled a slew of programs dedicated to training personnel capable of testing these new connected car systems for exploits.

The demand for automotive penetration testing services is today high and is only expected to grow. With legislation threatening heavy fines for misuse of consumer data like the GDPR becoming more common, automotive OEM and fleet owners are more wary than ever. The long-term benefits to investing in pre-market penetration testing of automobiles and their accessories far outweigh the initial costs.

In order to ensure the integrity of any security solution, it must be as a high priority from the outset of any product design. By involving experts trained in the hacking and exploiting vulnerabilities early on in the phase of any project the risk of a costly exploit being found later on is heavily mitigated.

Trillium’s secure platform is built with a hacker first mind-set and the SecureGO, SecureIXS, SecureOTA and SecureSKYE modules are perpetually tested by an internal Red Team, the Car Hacking Community at conventions like Defcon and on-going partnerships with external actors. Continuous work with eco-system partners allow Trillium to ensure that its platform is the market leading solution for keeping connected and autonomous vehicles safe from hacker attacks.