Anyone who wants to know how well their networked systems are prepared to fend off cyber attacks must put themselves in the position of the potential attacker. And this is especially true for the connected car and its numerous interfaces. For this reason, the security experts from T-Systems use penetration tests to attack components of the connected car on behalf of the customers.
The targets of a hacker attack against a connected vehicle are as varied as the methods that can be used. Compromising systems, stealing confidential information or influencing the availability of services are just a few examples. By putting themselves in the role of the attacker and adopting their ways of thinking as well as their attack procedures, cybersecurity specialists can reliably identify and check technical vulnerabilities in order to derive targeted countermeasures.
With penetration tests, the experts from T-Systems check hardware components, interfaces, applications and networks in and around the connected vehicle.
The pentesters of T-Systems always follow a two-track approach. Virtually fully automated vulnerability assessments reveal the weak points for attacks on IT systems that are already known. However, if previously unknown - and above all automotive-specific - security gaps are to be identified, manual penetration tests are required. These systematic, flexible tests with realistic attack methods and tools are designed to uncover vulnerabilities before they can be exploited.
The procedure is based on established process models for the execution of penetration tests.
The testing of critical infrastructures is part of a comprehensive IT security strategy. As an ICT service provider, T-Systems has the know-how and the required independence to critically analyze the security status of your systems and applications. We determine the specific scope and type of testing together with you in advance, based on your business objectives and security requirements. As a result of the penetration tests, T-Systems produces a detailed final report that lists and prioritizes all identified security vulnerabilities and contains specific recommendations for eliminating them.