Current automotive cybersecurity testing methods are often performed manually, and not automated, to find security vulnerabilities. The downside is that it is difficult, time-consuming, and expensive to find security risks. Therefore, it is necessary and beneficial to conduct automated and black-box security testing during the cycle of car development, pre-production testing and manufacturing. In this paper, the authors introduce the first automated automotive cybersecurity testing toolkit so OEMs can quickly and easily identify security vulnerabilities in their vehicles. The tool has successfully detected many serious security vulnerabilities in a number of vehicles, and has helped OEMs identify and correct ECU firmware security vulnerabilities by reflashing new-version firmware. Furthermore, the authors open-sourced the testing APIs.
Yan et al. (Sun,) studied this question.