Client Uses Fuzz Testing to Uncover Vulnerabilities
in Wireless Connectivity Application

Challenges

Vehicle development and production have exponentially increased the wireless and Bluetooth connectivity between internet-connected devices and vehicles. Wireless connectivity gives the end user more ease of use within the vehicle, through features like GPS, internet music streaming, operating system analysis, and vehicle security. However, that same connection can be vulnerable to a cyberattack that can steal sensitive data or even disable fleets of vehicles.

The client knew the importance of dynamic application security testing, specifically a black box fuzzer tool. They inquired about BeSTORM because it is a smart, black-box, generative fuzzer. It generates inputs from scratch based on the protocol, file specification, and format for its 250+ supported predefined modules.

Black box fuzzing needed to be the focus because it doesn’t require access to development source code, and fuzz testing simulates attacks using the same methods a malicious actor would use. The client was leveraging a combination of open source fuzzers and symbolic execution tools. This pairing was inefficient and did not provide enough reach. The client wanted a solution that would cover a broader range of vulnerability detection and enhance their abilities with more advanced and automated fuzzing techniques, such as dynamic analysis. BeSTORM satisfied all of these user requirements.

Another feature the client was looking for was the ability to identify security vulnerabilities in the developmental phase. This is important because any weakness that is uncovered can be remediated before the product is launched: no expensive recalls, no costly downtime, and security remediation applied in a developmental lab setting. BeSTORM checked the box on this.

The Solution

BeSTORM specializes in testing Internet of Things (IoT), Bluetooth, and wireless connectivity systems on automotive devices during the development phase. It can test hardware and software in one interface. As a smart generative fuzzer, it is aware of the full protocol structure, which provides better coverage of the application tested and does not depend on the quality of user input provided. It automatically tests without any additional guidance from the user.

AT-A-GLANCE

INDUSTRY
Automotive Wireless Connectivity Development

PROBLEMS SOLVED

  • The need for affordable vulnerability fuzzing during application development
  • No time to write/develop security protocols for fuzz testing
  • Difficulty managing multiple open-source fuzzers with limited reach
  • The need to meet expanded automotive compliance requirements

KEY SOLUTIONS
BeSTORM Black Box Fuzzer Tool

RESULTS
Wireless connectivity in vehicles is increasingly targeted by malicious actors. BeSTORM’s black box fuzzing tool “future-proofs” regulatory compliance by using its 250+ protocols to fuzz test during the product development process. This helps to ensure that any vulnerabilities are identified for remediation before going to market so you can pass compliance audits and avoid recalls or taking products offline.

Automotive compliance regulations require black box fuzzing tools that specialize in: 

CANbus: BeSTORM developed a focus on automotive systems and CANbus protocol fuzzing, which is essential for identifying vulnerabilities within vehicle communication networks.

Bluetooth: Many IoT and automotive systems rely on Bluetooth for connectivity, and development needs to ensure these implementations are secure against potential attacks.

Network Protocols: Automotive Wi-Fi network protocol fuzzing is also required to secure devices against common network-based attacks and vulnerabilities.

Results

BeSTORM’s black box fuzz testing tool covered the client’s compliance and regulatory requirements.  The client knew it was a worthwhile investment to use fuzz testing during the developmental and testing phases to help avoid compliance challenges, downtime, or product recalls down the road.

BeSTORM Monitor Window

Get a demo of BeSTORM and see how black box fuzzing can uncover unknown vulnerabilities during your product development cycle.