Advanced fuzzing uncovers all software vulnerabilities

Fuzzing, or fuzz testing, is an automated technique for testing software in a large number of scenarios to identify real vulnerabilities. CEA-List is using advanced fuzzing for backdoor detection.
What it is for

Detecting backdoors in the software our IT infrastructure runs on

Routers, cameras, and other IT equipment contain electronic components that run on software often provided by manufacturers in binary form only. This kind of software generally contains reusable code—sometimes thousands of lines of it. And, since much of this code comes from publicly available online repositories, the software supply chain is especially hard to control. Malware can be introduced through backdoors. One-day attacks, which exploit known vulnerabilities in widely used code, can be launched. Both create significant risks for systems.

Fuzzing, or fuzz testing, is an automated technique for testing software in a large number of scenarios to uncover real vulnerabilities. AFL++ and other modern fuzzing tools have been proven to successfully reveal vulnerabilities in a wide variety of programs of all types and sizes. CEA-List is developing new techniques that can be used alongside these versatile and powerful tools. One of them, advanced fuzzing, is designed to detect more complex and better-hidden vulnerabilities, such as those that enable software supply chain attacks.

CEA-List’s ROSA was developed specifically to detect backdoors, with a focus on vulnerabilities in communications protocols (routers and publicly available software components used in network management).

These advanced fuzzing techniques were developed via French and international multi-partner research projects ANR JCJC BACKED (2023-2027) and ANR PTCC SECUBIC (2025-2028).

Advantages

Simple, versatile, efficient, and relevant

Advanced fuzzing offers several main advantages:

  • The underlying principle—software testing—is understood and used by everyone.
  • The technique, which leverages existing testing infrastructure, can be used on many types of software, regardless of size or complexity.
  • Binary code can be analyzed, even if the source code is unavailable.
  • Real backdoors can be detected quickly, with results generated in several minutes to several hours.
  • These tools offer an effective response to today’s limited technological sovereignty and the resulting difficulty of controlling the software supply chain.
  • Finally, the tools are backed by CEA-List, a leader in cybersecurity, and its entire ecosystem.

ROSA automated backdoor detection tool interface. ROSA utilizes advanced fuzzing techniques. This screen shows the successful detection, produced in around ten minutes, of a hard-coded password injected into the SUDO system administration tool.

Applications

  • Firmware auditing (IoT and other connected devices, etc.)
  • Off-the-shelf software component auditing
  • Secure open-source software development
