Vulnerabilities in HSM components are one of the most critical issues in automotive software. Once shipped, erroneous HSMs are difficult to update and can in the worst case induce callbacks.

At Code Intelligence, we have repeatedly discovered severe security issues in automotive HSM that had been missed in pen-tests multiple times, such as:

• Remote Code Executions
• Buffer Overflows
• Heap Use After Free
• Segmentation Fault
• and Undefined Behavior

Currently, there are many challenges in HSM security testing, such as the difficulty of manual reviews, costly bug fixes, and limited code
coverage.

In this webinar, our automotive security expert Daniel Teuchert demonstrates how CI Fuzz can be used to initiate automated fuzz testing and identify vulnerabilities quickly and reliably, and how to continuously test for critical vulnerabilities using coverage-guided feedback.