Driverless cars are on the horizon and accelerating towards us faster than we expected, or maybe want. So it stands to reason that there should be a way of testing them and making sure they’re safe. So Peach Fuzzer has added enhancements to its fuzz-testing platform to enable autonomous vehicles to be tested.
This latest release extends the out-of-the-box fuzzing capabilities of Peach Fuzzer to allow interfacing with, and scrutinizing of, protocols built upon the pervasive automotive communications protocol, CAN bus.
Auto manufacturers and firms can now uncover previously undetected flaws that could otherwise have led to potentially deadly zero-day attacks.
These enhancements make it even easier to systematically deploy the Peach Fuzzer platform to sniff out and identify unknown vulnerabilities in any of the dozens of electronic control units (ECUs) that have recently been targeted in high-profile proof-of-concept exploits.
Peach Fuzzer now offers a cost-effective solution for discovering unknown vulnerabilities in the 70+ ECUs and components responsible for automotive operation (transmission, cruise control, power steering) and safety (airbags, antilock braking, alarm). Fuzz-testing controllers and connected devices built upon the CAN bus standard with Peach Fuzzer is a necessary step in preventing zero-day attacks upon automotive systems.
We will be demonstrating our fuzzing technology between Feb 29 – Mar 4 at the RSA Conference 2016 in San Francisco at the Moscone Center booth N3220.
In addition to these improvements for the automotive community, this latest release includes support for the following protocol definitions:
- BACnet – Building Automation and Control Networks
- DNP3 – Distributed Network Protocol
- ERPS – Ethernet Ring Protection Switching
- SNMPv3 –Simple Network Management Protocol
- SSL Cipher Suites – Secure Sockets Layer, Transport Layer Security
Peach Fuzzer is a Seattle-based security testing company providing enterprise-grade testing solutions. Through leading-edge products, Peach Fuzzer offers customizable testing strategies for our clients to deploy throughout the security development lifecycle. Our flagship product and namesake is the premier fuzzing solution for security testing across a multitude of critical industries.
Fuzz testing uncovers previously unknown vulnerabilities in hardware and software by sending these targets malformed data in order to cause unintended consequences. Relevant results are captured, analyzed, and evaluated enabling engineers to ship secure products. Fuzzing uncovers the back-door flaws hackers look for.