Vehicular systems, and more notably infotainment systems are a complex mixture of embedded systems, digital components (ECUs) and regular computing. As such, some of the most common and obvious steps found in the penetration testing processes must be reevaluated in this new context to maximize their efficiency and results.
For instance, while in a regular network penetration testing social network attacks are in one way or another an important cornerstone for security, it is virtually useless and can be ignored for car hacking. On the other hand, network connected devices, such as IVI systems benefit just as much from an ordinary portscanning as any corporate network can.
The thesis' goal is to execute a penetration test on an infotainment system and use the experience gained to develop a methodology that provides a general process that is usable in similar environments for finding security flaws. This new methodology is based on many established practices that have already proven their usefulness, and as such will hopefully provide a good foundation for future endeavors.