Automotive ECU hardening

Outcome: Reduced exploitable firmware surface by 78% and supported supplier ISO 26262 audit.

Challenge

Client required a supplier‑level security and safety readiness review for a gateway ECU with OTA capability and multiple external interfaces.

Approach

We performed threat modelling, static and dynamic firmware analysis, protocol fuzzing and RTOS fault injection. Findings were triaged and remediations implemented with regression tests added to CI.

Result

Exploit surface reduced by 78%; supplier passed ISO 26262 audit with our safety case artifacts; field recall risk materially reduced.