KPIT has developed a methodology for identifying vulnerabilities using Fuzz Technique. We have developed a Fuzzer which can be used to find hidden vulnerabilities of an Automotive Systems by sending fuzzed data over CAN (UDS)/ CAN protocol, using mutation based Fuzz Testing.
Identify all Diagnostic Session IDs present on the System Under Test (SUT), Identify arbitration ids for all the diagnostic sessions
Create positive test suit with valid CAN messages
Mutation of the valid input request is carried out, mutated inputs are provided to the SUT and SUT’s responses are analyzed for crash or halt.
By providing invalid input to the system ,the behavior of the ECU is observed. The erroneous responses of ECU (vulnerabilities) are found and reported. These requests and responses are stored in a file and analyzed.
Generate list of vulnerable messages
Possible Attacks that can be prevented on Automotive Systems :
Denial of Service(DoS) attack.
Tools / Methodologies
KPIT has developed own methodology for identifying vulnerabilities using FUZZ Technique
Knowledge of the system: Black / Grey Box Fuzz Testing
Hardware: CAN Tools (CANoe, CANAnalyzer,), ECU
KPIT has knowhow on commercial Fuzz Testing tool like Synopsys Defensics
Connect with us
KPIT Technologies is a global partner to the automotive and Mobility ecosystem for making software-defined vehicles a reality. It is a leading independent software development and integration partner helping mobility leapfrog towards a clean, smart, and safe future. With 11000+ automobelievers across the globe specializing in embedded software, AI, and digital solutions, KPIT accelerates its clients’ implementation of next-generation technologies for the future mobility roadmap. With engineering centers in Europe, the USA, Japan, China, Thailand, and India, KPIT works with leaders in automotive and Mobility and is present where the ecosystem is transforming.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect analytics data, performance-related data. We also share information about your use of our website with our analytics, social media and advertising partners.