An electric vehicle manufacturer developing a connected mobility platform sought to secure in-vehicle systems, firmware update mechanisms, and assess cybersecurity risks across their software and hardware supply chain.
Tasks:
-
Analyze firmware update and OTA communications
-
Implement threat modeling for in-vehicle infotainment and telemetry systems
-
Evaluate supplier security practices
-
Deploy continuous monitoring for vehicle APIs and cloud services
-
Align security efforts with ISO/SAE 21434
Skills Involved:
-
Embedded system security
-
Secure Over-The-Air (OTA) update architecture
-
Threat modeling and attack surface mapping
-
ISO/SAE 21434 and UNECE WP.29 compliance
-
Supply chain/vendor risk analysis
Discovery & Process Outline:
The project began with a technical review of the connected vehicle’s architecture. The MSSP mapped the communication pathways between on-board systems and backend cloud platforms. Firmware security assessments were conducted, and a secure boot process was implemented. API endpoints for mobile apps and telematics services were tested for vulnerabilities. Supply chain audits revealed gaps in third-party software handling, prompting new procurement policies with defined security requirements.
Outcomes:
-
Secure OTA update implementation across all vehicle models
-
Centralized monitoring dashboard for all vehicle-cloud interactions
-
Supply chain risks reduced via vendor cybersecurity scoring
-
Industry-aligned secure development practices institutionalized
