Hacking one of the largest Toll Management Company in the Philippines

Vulnerability Assessment and Penetration Testing of a Major Toll Management Company

BACKGROUND

The client was looking to improve its external security posture. They engaged NullForge to perform an External Penetration test, targeted mostly on the toll management system.

OBJECTIVE

Identify possible ways of manipulating the toll system – e.g. free access, card deactivation.

PROCESS

NullForge uses the same tools and tactics used by the bad guys. We use both manual and automated testing methods, and take advantage of both custom-built and industry available tools.

RESULT

The security posture of the client was deemed financially critical. Vulnerabilities in the system that allows for tampering and free access to the highway system was identified. The management app was also compromised and client sensitive information was exposed (e.g. Name, birthday, address, etc). PII exposure.

Comments