Fuzzing Embedded Protocols

Abstract

Embedded systems are prevalent in all parts of modern life: consumer electronics, home automation, and also various safety-critical areas such as medical devices or automotive systems. Their large influence means they attract malicious intent. Attackers aim to compromise data or render devices nonfunctional. Therefore, the creation of robust and secure embedded systems is paramount. Despite their ubiquity in our daily life, financial pressures have meant that in practice important aspects of embedded systems, such as security, are frequently overlooked. Additionally, numerous vulnerable systems are currently available on the market without any update capability, making fixes impossible. This underscores the importance of ensuring that these systems are launched with minimal bugs and vulnerabilities. To enhance system security, proactive vulnerability detection and mitigation are crucial. Fuzzing proves highly effective in achieving this goal. Fuzzing is an automated software testing approach that involves feeding invalid, malformed, or unexpected inputs into a program. The program's behaviour is observed for anomalies such as crashes or memory leaks, with the aim of identifying software defects and vulnerabilities. Despite the growing popularity of fuzzing, the field of fuzzing embedded systems lacks research publications, primarily due to the challenges associated with conducting effective fuzz testing on such systems. In this thesis, a prototype fuzzer is created for applications that rely on SocketCAN for communication. SocketCAN is an implementation of the widely adopted Controller Area Network (CAN) protocol within embedded systems. The prototype is a virtual-machine-based snapshot fuzzer that addresses problematic characteristics of embedded systems such as statefulness and specialized inputs. One of its primary benefits is that it emulates communication with the fuzzing target, leading to improved performance and broader applicability.
This contributes to addressing the research gaps concerning security in embedded systems and the practice of fuzzing within this context. Furthermore, this thesis includes a discussion of fuzzing applications that use embedded protocols, aiming to encourage further exploration in this domain. This knowledge can be employed to expand the developed prototype fuzzer and to contribute to various other fuzzing projects as well.

Publication
TU Wien