Breakwater

Breakwater Test Suite is a set of automated vehicle tests that can be used to verify that cybersecurity controls have been put in place against common threats and vulnearbilities. Passing the Breakwater tests provides a baseline test suite to provide confidence for UNR155 and other regulatory compliance.

Breakwater also provides a suites of interface scans to provide information reguarding available attack surfaces and enable deeper probing and penetration testing.

Version

April 2024 (version 1.3)

Update 1.3.3

Supported Interfaces

  • CAN/OBD II
  • Automotive Ethernet
  • Wi-Fi
  • Bluetooth Classic
  • Bluetooth Low Energy
  • USB
  • Cellular
  • V2X (Keysight)

Available Test Cases

Test IDTest Case TitleInterface
DS_BT_0001BT - Address ScanBluetooth
DS_CAN_0001UDS - Server ScanCAN/OBD
DS_CAN_0002UDS - Service ScanCAN/OBD
DS_CAN_0003CCP - Server ScanCAN/OBD
DS_CAN_0004XCP - Server ScanCAN/OBD
DS_CAN_0005UDS - Session ScanCAN/OBD
DS_NET_0001NET - Identify HostsAutomotive Ethernet, Wi-Fi, Cellular
DS_NET_0002NET - TCP Port ScanAutomotive Ethernet, Wi-Fi, Cellular
DS_NET_0003NET - UDP Port ScanAutomotive Ethernet, Wi-Fi, Cellular
DS_NET_0004NET - IPv6 TCP Port ScanAutomotive Ethernet, Wi-Fi, Cellular
TS_BLE_0001BLE - Link Layer Length OverflowBLE
TS_BT_0001BT - Invalid Timing AccuracyBluetooth
TS_BT_0002BT - Repeated Host ConnectionBluetooth
TS_BT_0003BT - KNOB AttackBluetooth
TS_BT_0004BT - AU Rand FloodingBluetooth
TS_BT_0005BT - Truncated LMP AcceptedBluetooth
TS_BT_0006BT - LMP Max Slot OverflowBluetooth
TS_BT_0007BT - Duplicated IOCAPBluetooth
TS_BT_0008BT - Invalid Max Slot TypeBluetooth
TS_BT_0009BT - LMP Auto Rate OverflowBluetooth
TS_BT_0010BT - Invalid Setup CompleteBluetooth
TS_CAN_0001CAN - DoS RecoveryCAN/OBD
TS_CAN_0002UDS - Write Memory by AddressCAN/OBD
TS_CAN_0003UDS - Read Memory by AddressCAN/OBD
TS_CAN_0004UDS - Request UploadCAN/OBD
TS_CAN_0005UDS - Request DownloadCAN/OBD
TS_CAN_0006UDS - Write Memory by IDCAN/OBD
TS_CAN_0007UDS - Communication ControlCAN/OBD
TS_CAN_0008UDS - IO Control by IDCAN/OBD
TS_CAN_0010CCP - UploadCAN/OBD
TS_CAN_0011CCP - DownloadCAN/OBD
TS_CAN_0012CCP - ProgramCAN/OBD
TS_CAN_0013XCP - UploadCAN/OBD
TS_CAN_0014XCP - DownloadCAN/OBD
TS_CAN_0015XCP - ProgramCAN/OBD
TS_CAN_0016UDS - Security AccessCAN/OBD
TS_NET_0001ETH - ARP Host ScanAutomotive Ethernet
TS_NET_0002ETH - CAM Overflow AttackAutomotive Ethernet
TS_NET_0003ETH - DHCP Query ScanAutomotive Ethernet
TS_NET_0004NET - DNS Zone Transfer AttackAutomotive Ethernet, Wi-Fi
TS_NET_0005ETH - Unauthenticated Routing CheckAutomotive Ethernet
TS_NET_0006NET - Observe TLS VersionAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0007NET - Supported TLS CiphersAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0008NET - Supported TLS VersionsAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0009NET - QNX QCONN RCEAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0010ETH - Internet ForwardingAutomotive Ethernet
TS_NET_0011NET - SSH Password Authentication CheckAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0012NET - SSH Key StrengthAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0013NET - mTLS Self Signed CertAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0014NET - Telnet CheckAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0015NET - Shellshock CVEAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0017ETH - ARP PoisoningAutomotive Ethernet
TS_USB_0001USB - Keyboard CommunicationUSB
TS_USB_0002USB - Serial CommunicationUSB
TS_V2X_0001C-V2X - Sybil AttackC-V2X
TS_V2X_0002C-V2X - Certificate SpoofingC-V2X
TS_Wi-Fi_0001Wi-Fi - Base Station Supported Authentication TypesWi-Fi
TS_Wi-Fi_0002Wi-Fi - Base Station Weak Password AttackWi-Fi

Upcoming Test Cases

July 2024 - Version 1.4

Test IDTest Case TitleInterface
TS_BT_0011BT - Blueborne-Android6Bluetooth
TS_BT_0012BT - Blueborne-LinuxBluetooth
TS_BT_0013BT - BlueFrag-Android9Bluetooth
TS_BT_0014BT - Heap-Based Type Confusion in L2CAPBluetooth
TS_BT_0015BT - Stack-Based Information Leak in A2MPBluetooth
TS_NET_0016NET - SSH Password Authentication CheckAutomotive Ethernet, Wi-Fi, Cellular

October 2024 - Version 1.5

Test IDTest Case TitleInterface
DS_CAN_0006J1939 - Check for Address ClaimCAN
TS_CAN_0017J1939 - BAM BlockCAN
TS_CAN_0018J1939 - Connection DoSCAN
TS_CAN_0019J1939 - Memory LeakCAN
TS_CAN_0020J1939 - Read Memory by AddressCAN
TS_NET_0018NET - Heartbleed SSL VulnAutomotive Ethernet, Wi-Fi, Cellular
TS_BT_0016BT - My Name is Keyboard VulnBluetooth
TS_BT_0017BT - L2CAP _CMD_CONN_REQ Memory LeakBluetooth
TS_BT_0018BT - L2CAP _CMD_DISC_REQ Memory LeakBluetooth
TS_BT_0019BT - L2CAP Fuzzing TestBluetooth
TS_BT_0020BT - Bluetooth Info ScanBluetooth

January 2025 - Version 2.0

Test IDTest Case TitleInterface
TS_NET_0021IPv6 - DHCP Client Flooding AttackAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0022IPv6 - DHCP Server Flooding AttackAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0023IPv6 - DHCP Server FuzzingAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0024IPv6 - DHCP Client FuzzingAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0020IPv6 - IPv6 Packet FuzzingAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0019IPv6 - Parasite6 AttackAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0018IPv6 - Exploit6 AttackAutomotive Ethernet, Wi-Fi, Cellular
TS_NET_0025IPv6 - Denial6 AttackAutomotive Ethernet, Wi-Fi, Cellular