Scope
- Complete security assessment of the modules involved
- Black Box and White Box testing
- Web application developed in Django and Python
- Mobile application developed for Android OS
- BT hardware module with custom designed / fabricated chips
- Provide security consulting in terms of encryption services
Standards Followed
- OWASP
- SANS
- BT module tested using standards for IoT based devices
- Electronic Signal encryption
Vulnerabilities Identified
Mobile Application Vulnerabilities
- Sensitive data exposure
- App Signed by Android Debug Certificate
- Debug is enabled
Bluetooth Hardware Module
- Excessive services running
Cloud Hosted Web Application
- Sensitive data exposure
- Eicher & Django Dashboard Login
- Session Hijacking
Key Achievements
- Identified vulnerabilities in the BT module that could leak vehicle diagnostic and identification module data
- Identified that the web and mobile applications had critical vulnerabilities that could expose the entire solution design and provide remote code execution capabilities
- Identified data exposure vulnerabilities using MITM attack vectors
- Weakness in cipher techniques of BT signal