Client Uses Fuzz Testing to Uncover Vulnerabilities
in Wireless Connectivity Application
Challenges
Vehicle development and production has exponentially increased the wireless and Bluetooth connectivity between internet connected devices and vehicles. Wireless connectivity gives the end user more ease-of-use within the vehicle, like GPS, internet streaming music, operating system analysis, and vehicle security, however that same connection can be vulnerable to a cyberattack that can steal sensitive data or even disable fleets of vehicles.
The client knew the importance of dynamic application security testing, specifically a black box fuzzer tool. They inquired about BeSTORM because it is a smart, black-box, generative fuzzer. It generates inputs from scratch based on the protocol, files specification, and format for the more than 250+ supported predefined modules.
Black box fuzzing needed to be the focus as it doesn’t require access to development source code and fuzz testing simulates attacks using the same methods a malicious actor would use. The client was leveraging a combination of open source fuzzers and symbolic execution tools. This pairing was inefficient and did not provide enough reach. A solution to allow them to cover a broader range of vulnerability detection and enhance their abilities with more advanced and automated fuzzing techniques, such as dynamic analysis, was desired. BeSTORM satisfied all of these user requirements.
Another beneficial feature that the client was looking for was the ability to identify security vulnerabilities in the developmental phase. This is important because any weakness that is uncovered can be remediated before the product is launched. No expensive recalls, no costly downtime, and security remediation is applied in a developmental lab setting. BeSTORM checked the box on this.
The Solution
BeSTORM specializes in testing Internet of Things (IoT), Bluetooth, and wireless connective systems on automotive devices during the development phase. It can test hardware and software in one interface. As a smart generative fuzzer, it is aware of the full protocol structure providing better coverage of the application tested and does not depend on the quality of user input provided. It automatically tests without any additional guidance from the user.
AT-A-GLACE
INDUSTRY
Automotive Wireless Connectivity Development
PROBLEMS SOLVED
- The need for affordable vulnerability fuzzing during application development
- No time to write/develop security protocols for fuzz testing
- Difficulty managing multiple open-source fuzzers with limited reach
- The need to meet expanded automotive compliance requirements
KEY SOLUTIONS
BeSTORM Black Box Fuzzer Tool
RESULTS
Wireless connectivity in vehicles is increasingly targeted by malicious actors . BeSTORM’s black box fuzzing tool “future-proofs” compliance regulation by utilizing its 250+ protocols to fuzz test during the product development process. This helps to ensure that any vulnerabilities are identified for remediation before going to market so you can pass compliance audits and avoid recalls or taking products offline.
Automotive compliance regulations require black box fuzzing tools that specialize in:
CANbus: BeSTORM developed a focus on automotive systems and CANbus protocol fuzzing, which is essential for identifying vulnerabilities within vehicle communication networks.
Bluetooth: Many IoT and automotive systems rely on Bluetooth for connectivity and development needs to ensure these implementations are secure against potential attacks.
Network Protocols: Automotive WIFI network protocol fuzzing is also required to secure devices against common network-based attacks and vulnerabilities.
H: Results
BeSTORM’s black box fuzz testing tool covered the client’s compliance and regulatory requirements. The client knew it was a worthwhile investment to use fuzz testing during the developmental and testing phases to help avoid compliance challenges, downtime, or product recalls down the road.
See How Black Box Fuzzing Can Protect Your Industry
Get a demo of BeSTORM and see how black box fuzzing can uncover unknown vulnerabilities during your product development cycle.