intrus.io
Automotive

Pentest for Automotive and Mobility

Offensive security in OEMs, auto parts, vehicle connectivity, telematics and mobility platforms.

Request automotive pentestSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Cars are now computers on wheels. CAN bus, ECU, infotainment, OTA, telematics — every vector is an entry point. A cybersecurity-driven recall costs hundreds of millions and may involve criminal liability for defective products.

Applicable regulation

UN R155 (cibersegurança veicular)UN R156 (OTA)ISO/SAE 21434LGPD

/attack-surface

Vectors we test in automotive

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

ECU and CAN bus

Firmware analysis, OBD-II exploitation, CAN bus manipulation.

02

Infotainment / IVI

Android Automotive testing, QNX, integration with driver app.

03

Telematics and V2X

TCU, cellular communication, V2V and V2I.

04

OTA (Over-The-Air)

Signature audit, rollback, update channel integrity.

05

Mobility platform

Driver app, fleet management, insurance integration.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Formula 1 client — top-tier automotive standards.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Automotive

Do you cover UN R155?

Yes. We operate aligned to UN R155, R156 and ISO/SAE 21434 for homologation and CSMS.

Do you serve tier 1 auto parts?

Yes. ECU, gateway, TCU and tier 1 OEM platform pentest.

/contact

Ready for a serious pentest in automotive?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers