One of the world’s foremost provider of web services to the automotive industry approached Anitian with a unique challenge. The client develops and hosts a complex web service used to disseminate content and services directly to infotainment systems in cars. These services are not a typical web page. They use a unique API and sophisticated schema. These services also are under intense attack from hackers, especially given recent vulnerabilities disclosed in automotive systems.

The client wanted to ensure these services were hardened from attack and compromise. They needed more than just a penetration test, but a creative approach. They needed somebody to think like a hacker.

Anitian designed a web application testing regimen specifically for this client. This required developing specialized exploits using our customized implementation of Metasploit. During our tests, Anitian discovered numerous, unique vulnerabilities, some of which were zero-day vulnerabilities. Working side-by-side with our client, they updated their code to provide enhanced protections from not only known vulnerabilities, but the zero-day exploits Anitian discovered as well.

Six months after our work, researchers revealed a series of hacks to automotive systems at BlackHat. However, auto companies that used our client’s software were the only manufacturers singled out as being secure. Those systems were secure because Anitian helped make them that way.

The Bottom Line

While BlackHat hackers are trying to crack systems open, Anitian is working behind the scenes to keep them secure. We know how the hackers think, and we helped keep our client a step ahead.