A part of FEV Group
Penetration testing on commercial eAxle system, telematic units, and engineering software application for truck supplier
Used solutions
-
Functional Safety & Cybersecurity, Infotainment & Connected Mobility
Find the latest events here
A part of FEV Group
Introduction
FEV.io supports multiple customers in penetration testing and fuzz testing on embedded systems

Background
FEV.io was contracted by automotive and truck industry suppliers to perform penetration testing on commercial eAxle system, telematic units, and engineering software application.
Approach
Our penetration testing is conducted based on the NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment, OWASP Application Security Verification Standard (ASVS), and in-house customized testing frameworks.
FEV.io identifies vulnerabilities through manual and automated enumeration ensuring full coverage. We perform exploitation through black box, gray box, and white box approaches to demonstrate the cyber-resiliency level of systems in scope against diverse cyberattack scenarios. We incorporate Common Vulnerability Scoring System (CVSS) into our tailored Criticality scales to evaluate the impacts of the findings on the systems in scope.
Impact
- Performed hardware testing to bypass embedded security controls
- Reverse-engineered OEM-ready software application to expose vulnerabilities
- Disclosed high severity protocol-level vulnerabilities that led to full control of the targeted ECUs
- Disclosed critical severity vulnerabilities on service web portals that led to full control of the telematics unit
- Developed In-house scripts that bypassed UDS authentication algorithms
- Performed CAN injection attacks resulting in disruptive behaviors that violate cybersecurity and safety requirements
- Supported system engineering teams with remediation strategy & re-tests
