With the development of Smart Connected Vehicles in recent years, there have been more and more attacks against Connected Vehicles. Although the EEA (electrical and electronic architecture) of Connected vehicles has undergone great changes in recent years, the EEA of various manufacturers is also different. However, hackers’ attack target has not changed, it is still the core VCU (Vehicle Control Unit). VCU is usually an MCU-based embedded device, based on cortex-M/Cortex-R, Tricore, etc., and running a real-time operating system such as FreeRTOS or AUTOSAR .
In the development process of VCU, most manufacturers also follow the guidance of ISO21434 and conduct many information security tests on software and hardware. The software test methods for MCUs are relatively simple, such as unit testing, code auditing, and manual code instrumentation. There are two problems with these testing methods. Handwritten test cases are required, and the test case library is relatively simple. Therefore, we introduce fuzzing into the vehicle MCU security test. At the same time, to make the fuzzing smarter, we collect the ARM ETM with the help of an external debugger, to achieve code coverage-guided fuzzing.
Finally, we combined WINAFL and Trace32, and with the assistance of Lauterbach PowerDebug, we had code coverage-guided fuzzing test of ARM Corex-M based MCU. We use this tool to test our CAN services and SOA services and found several security vulnerabilities and bugs that affect the stability of the system. This fuzzing method can not only be used for mining information security vulnerabilities, but also for functional safety software testing to improve the robustness of the MCU system.