Home Automotive Security Testing

Automotive Security Testing

Security partners for the industry

For automotive vendors offering components, devices, and solutions (website/application), who would like to be ready for upcoming security requirements and ensure customer safety and security, Riscure offers unique holistic services fortified by years of experience.

Riscure is a recognized security testing laboratory with experience in security assessment and testing of individual components (SOC, ECU microcontroller, mobile and server applications, etc.) as well as reviews of security-focused technologies (TEE/OS, communication protocols, secure boot, cryptographic functionality and robustness of countermeasures). We offer market-focused security training, tools, and security assessment and advisory.

With the advancement of security requirements as well as the development of highly sophisticated technology, the automotive market is facing new challenges during the development and sales of vehicles and their required components.

UNECE R155, as well as R156, are addressing cyber security-relevant aspects during the development, design, and implementation of automotive products, referencing the ISO 21434 standard. Other notable developments in the market include SAE J3101 security requirements for hardware components as well as a chipset-oriented common criterial protection profile for V2X.

To help our customers understand automotive security standards and requirements, Riscure created the training Automotive Security & ISO21434 learning path. Additionally, Riscure provides services to assess the products and development cycles according to these standards. Additionally, we create, work with and commercialize security testing tools.

Riscure’s automotive security team, consisting of both automotive and security experts, supports vehicle manufacturers and their suppliers to make their vehicles, products, and accompanying services secure and compliant with regulation.

Track record

Riscure has performed >50 security evaluation projects for >25 customers, including

  • Source code reviews for Tier 1s and Tier 2s
  • Architecture/design reviews for Tier 1s and Tier 2s
  • Design reviews and secure boot reviews on chipsets for Top-10 semiconductor powerhouses
  • Vulnerability analysis and penetration testing for Tier 1 solutions

Key questions we can help you with

I am developing a new solution for which I want a robust security result, where do I start?

Our Security Canvas workshop is a custom module with which your development team can engage with our security analysts to define valuable assets, attacker profile, threads and attack trees.  The result of the workshop is clear security guidance for your development team to embed in the solution.

Can you verify and improve the security level of my automotive solution?

We can offer an extensive range of services like review of individual components (SOC, ECU microcontroller, etc), communication protocols and automotive network design in terms of attack surface, secure boot, cryptographic functionality, robustness of countermeasures, review of TEE/OS, and so on.

How can I protect against IP theft and reverse engineering?

We have over a decade of experience of testing for hardware level attacks with the aim to extract firmware.  Our analysts will be able to confirm the risk level associated with your solution.

I have implemented Secure Boot, use a TEE and an HSM to protect keys. Is my vehicle secure?

Adding security features alone won’t make a solution secure.  We can participate from the development process onwards with threat modeling, secure design as well as testing and verification along the development path.

How can I protect V2V/V2I deployments?

Riscure has supported several industries who have extensive experience with secure communication protocols, including secure OTA updating.  We will not only review the design, but also effectively test for cryptograhpic robustness.

Protect your firmware!

While testing for logical attack paths is very important… do not underestimate how a hardware attack can extract firmware from a control unit to create a “white box” and from there trigger scaleable logical attacks much more easily. Firmware protection is not only IP protection, but also prevents an easy path to logical attacks.

  • Contact us
  • Pascal van Gimst

  • Vice President Global Services Sales and Business Development