IoT Penetration Testing : Examining the cyber security of connected vehicles

Abstract: The connected car is rapidly becoming the norm in the automotive industry. With connected devices playing such a big part in today’s society our view of what constitutes a car is beginning to change. The new technologies that has become a part of the modern connected car offers the drivers a lot more functionality but could also potentially create new attack vectors for hackers to exploit. In this report we examine some of the technologies central to the connected car and some attacks which can be used to exploit them. With a focus on Eavesdropping and Spoofing attacks we explore the potential lapses in security of the modern car. In collaboration with ViBilägare we perform a select few attacks on three different models of connected cars with the aim of learning more about their security against potential hackers. The three car models explored are Hyundai Ioniq 5, Seat Leon and Nissan Qashqai. From the result of our tests we draw conclusions and speculate towards the security of the cars and attempt to pinpoint both strengths and weaknesses in the cars as well as suggest potential improvements.