We’re excited to let our readers know that Argus won the “Automotive Cybersecurity Innovation of the Year” award in the 2021 Autotech Breakthrough Awards Program for our new penetration testing technology.
This game-changing cybersecurity technology enables vehicle manufacturers – for the first time – to run coverage-guided fuzzing on embedded binary software without modifying the software’s code. Using this method, automakers can test third-party libraries used in electronic control units (ECUs) when searching for software vulnerabilities – a key requirement for UNR 155 certification.
The Problem: Testing Third Party Libraries (Binaries) in Embedded Devices
Vehicle manufacturers (OEMs) and suppliers know that software vulnerabilities inevitably lead to cyber attacks. Accordingly, they need ways to verify that their vehicle software is free of vulnerabilities before they embed it in their ECUs.
For non-embedded software, cost-effective testing solutions have been available for some time. One common automatic testing technique is fuzzing, which sends multiple random or mutated messages to a target system until it triggers a bug. The ideal fuzzing method is coverage-guided fuzzing, which uses analytics from the software’s binary code to determine which messages to send for optimal testing coverage.
However, fuzzing runs into a number of problems in embedded devices. To test these systems, you need to emulate the entire environment, which can vary from ECU to ECU. In particular, the following issues make coverage-guided fuzzing virtually impossible for testing binary code in embedded devices:
- The need to simulate all hardware peripherals in the real system environment that don’t exist in the emulated environment (e.g., external memory, serial communication with other components). These setup activities are complicated and time-consuming, and not always worth the effort involved.
- The emulator must be consistent with the CPU architecture of the embedded device. If such an emulator doesn’t exist, developing one typically requires significant time and effort.
The Breakthrough: New Method for Coverage-guided Fuzzing of Embedded Devices
To help vehicle manufacturers effectively pentest ECUs and other embedded devices, any potential solution had to overcome the obstacles mentioned above. Our goal was to enable testing teams to use coverage-guided fuzzing for embedded devices, but without the huge setup overhead.
Until now – as a workaround – ECU development teams have been using the “fuzzing for interfaces” technique, which monitors ECU resets and sends harmful messages through the ECU interfaces. The downside of this method is that it doesn’t consider the percentage of code that is actually tested.
Argus addressed this limitation by developing a game-changing technique that enables development teams to analyze the percentage of code covered when dynamically testing a live embedded system. This innovative method comprises three simple steps:
- Connect either a software or a hardware debugger to the ECU device.
- Apply the fuzzing actions (using AFL++ as a fuzzing engine) through the debugger’s functions (such as breakpoints and memory reads and writes).
- Wrap the debugger and feed the fuzzing engine (i.e., AFL++) the information that it expects to receive.
Since overall performance is dependent on hardware performance, debugger performance, and the software implementation, our solution supports configurable optimizations. For example, the tester can define the timeout of each run and even define the percentage of basic blocks (i.e., minimal code blocks without branches) to monitor.
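To show what feeding the fuzzing engine "the information that it expects" can look like, the following added example (not Argus's implementation, which this post does not publish) folds the ordered breakpoint hits of one run into an AFL-style edge-coverage map and checks whether the run reached new code, with only a configured percentage of basic blocks monitored. The address traces, the address-mixing function and all function names are assumptions of this sketch; a real harness would collect the hits from the debugger and write the map into the shared memory that AFL++ provides.

```python
import random

MAP_SIZE = 1 << 16  # size of the classic AFL coverage map (64 KiB)

def block_id(addr):
    """Mix a basic-block address into a map index (mixing chosen for this sketch)."""
    return ((addr >> 4) ^ (addr << 8)) & (MAP_SIZE - 1)

def choose_monitored(blocks, percent, seed=0):
    """Select the configured percentage of basic blocks to set breakpoints on."""
    count = max(1, len(blocks) * percent // 100)
    return set(random.Random(seed).sample(sorted(blocks), count))

def trace_to_bitmap(hits, monitored):
    """Fold the ordered breakpoint hits of one run into an edge-coverage map."""
    bitmap = bytearray(MAP_SIZE)
    prev = 0
    for addr in hits:
        if addr not in monitored:
            continue  # no breakpoint on this block, so the debugger never reports it
        cur = block_id(addr)
        idx = cur ^ prev                         # one counter per (previous, current) pair
        bitmap[idx] = min(bitmap[idx] + 1, 255)  # saturate instead of wrapping to 0
        prev = cur >> 1                          # shift keeps A->B distinct from B->A
    return bitmap

def has_new_coverage(bitmap, seen):
    """True if this run touched a map byte that no earlier run touched."""
    fresh = [i for i, hits in enumerate(bitmap) if hits and not seen[i]]
    for i in fresh:
        seen[i] = 1
    return bool(fresh)

if __name__ == "__main__":
    # Constructed sample: three basic-block addresses and three traces, standing
    # in for what a debugger wrapper would collect from breakpoint stops.
    A, B, C = 0x08001000, 0x08001040, 0x08001080
    seen = bytearray(MAP_SIZE)
    for trace in ([A, B, C], [A, B, C], [A, C, B]):
        bitmap = trace_to_bitmap(trace, {A, B, C})
        print([hex(a) for a in trace], "new coverage:", has_new_coverage(bitmap, seen))
```

Lowering the monitored percentage reduces the number of breakpoint stops per run at the cost of coarser coverage feedback, which is the trade-off the configurable optimization exposes.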
Using Innovation to Address Vehicle Manufacturers’ Critical Cybersecurity Needs
The Autotech Breakthrough Award is further validation of the automotive cybersecurity innovation and expertise driving product development at Argus. We are confident that our ground-breaking method for pentesting third-party libraries will significantly contribute to detecting and mitigating vulnerabilities in vehicle software.
Understanding the cyber security challenges facing today’s vehicle manufacturers, Argus will continue to proactively develop technologies that help OEMs and Tier 1 suppliers improve their cybersecurity posture, comply with the latest regulations, and enhance vehicle safety.