The Future of Software Security Testing
When mobile devices and native apps hit the mainstream market, the software testing world underwent a major shake-up. Companies and testers alike are still working to bring mobile testing up to the same level as decades of desktop testing. But the ecosystem of innovation hasn’t slowed down. In addition to the ever-changing threats present in software, web, and mobile testing, the quality assurance profession will soon have to branch out into new fields—such as wireless medical devices and vehicle software testing.
In recent years it has been repeatedly proven that vehicle computer systems and wireless medical devices are susceptible to hacking. Although a malicious attack has never been reported, several research groups and security organizations have proven the existence of security vulnerabilities that allow people to hack insulin pumps, pacemakers, implantable cardiac defibrillators, and wireless vehicle communication systems.
Unfortunately, manufacturers have a long way to go when it comes to understanding software security. Though cars and medical devices are not new, the use of wireless communication technology within the devices is fairly new. Device manufacturers are not used to addressing the outside threats and vulnerabilities presented by wireless tech. Hacking has never been an issue for them, so companies are behind when dealing with potential security threats.
The general consensus among security experts seems to be that vehicle system security is about twenty years behind the rest of the software security industry. Experts see the accelerated surge of car tech combined with the lag in understanding security risks as the reason vehicle system hacking is potentially so dangerous.
In terms of medical devices, the Federal Drug Administration, which is responsible for approving new devices for public use, has admitted that it has not considered intentional attacks during its security evaluations. Because of this, device manufacturers have focused mainly on unintentional security issues (such as unintentional radio signal interference) and have not invested in testing for attack-based security vulnerabilities.
For vehicles, security testing could be reasonably straightforward. The computer systems in vehicles are not incredibly different from the systems QA experts deal with on a daily basis. A team from the University of South Carolina and Rutgers, who initiated a tire pressure hack, suggested that simply implementing traditional security rules into the software in cars might be enough to deter most hackers. McAfee’s vehicle software security research team reportedly isn’t so sure that security testing of non-traditional devices will be that easy. Security testers may need new training and techniques to ensure security measures don’t interfere with intricate and vital communications systems.
When it comes to medical devices, security practices are sure to require a shift on the part of QA. Many of the traditional ways of securing software could potentially adversely affect an implanted device’s functionality.
As wireless devices become more prevalent and sophisticated, quality assurance and security professionals are going to need to work hard to stay ahead of potential hackers.
Read the full post on the uTest Software Testing Blog.