Penetration Testing - Active Shuttle Security


  • September 2024
  • November 2024
  • Greater Stuttgart area, Germany
  • On request
  • Remote
  • 26.08.2024


Project description

Dear Freelancers,
please let me introduce you to a new project:

This project is about performing a Penetration Test of the above “Subject System” to validate the effectiveness of security measures that have previously been implemented according to a Security Concept and identify potential weaknesses that may increase its susceptibility to an attack.

Input for the test consists of the results of interviews, the project documentation delivered by the customer, and the security requirements delivered by the customer for the subject system. In addition, the results of previous security activities such as a (threat and) risk analysis or existing security concepts will be considered. The penetration test is based on recognized standards and best practices appropriate to the subject system.

  • Very well-versed and long-experienced in security and penetration testing
  • Experience in interface communication (APIs, bus systems)

AMR device (AMR: autonomous mobile robot, in this case the robot “Shuttle”; third-generation model “AS 2.1”, running the latest software version 2.7)
  • WiFi interface
  • Ethernet interface
  • Touch display and kiosk application (blackbox)

  • Configuration interface page (reachable via Ethernet and WiFi)
  • Communication between internal components via Ethernet (explorative test)
  • Communication to the fleet manager using VDA5050-based communication
  • Communication to the Map Update Server (MUS), based on TCP/IP, and the transport encryption used (explorative test)

The test might require physical access to the vehicle and thus on-site test execution at a Bosch location.

AMS 2.0 web application (AMS: ActiveShuttle Management System), including (but not limited to):
  • Authorization checks, including whether the role-based access model is correctly enforced
  • Checks for insecure direct object references (IDORs)
  • Web-based user interfaces, checked for general vulnerabilities
  • Machine-to-machine interfaces: all endpoints/functionalities according to the end-customer documentation
      • REST (Swagger based)
      • WebSocket
      • VDA5050 interface to the AMR vehicles using MQTT and JSON
      • Interface to the Map Update Server (MUS)
  • The test can be performed remotely via the internet

Underlying infrastructure (Docker Compose / Kubernetes Helm charts, approx. 20 containers on 1 host):
  • Network scan (blackbox)
  • Docker Compose file audit (whitebox)
  • Kubernetes Helm chart audit (whitebox)
  • The test can be performed remotely via the internet

A report containing:

  • A description of the test object, the agreed test scope and (an overview of) the executed test scenarios
  • A management summary that provides an overview of the vulnerabilities found and their potential impact, as well as the test object's general state from a security perspective
  • General information about the test execution, e.g. the test methodology
  • A detailed description of each vulnerability found, including a CVSS v3.1 (or newer) base score, evidence, suggested measures to mitigate the vulnerability, and the additional information needed to reproduce the finding

A final presentation of the results

Month      Task                 Workload (approx.)
September  PenTest preparation  40%
October    PenTest execution    100%
November   PenTest evaluation   50%

The same workload is planned for Q1 2025.

Main Tasks

  • Collection of relevant information and documentation on the subject system
  • Definition of scope (Telco/Workshop)
  • Organizational and technical preparation of the defined prerequisites
  • Kick-off with the contact partner (Telco), if necessary
  • Conducting the penetration test
  • Documentation of findings and results
  • Debriefing with the contact partner (Telco) and tester, if necessary
  • Re-test of the implemented mitigation measures

Contact details

As a registered member of freelance.de you can apply directly for this project.
