ramriot t1_j4hj9kd wrote
Reply to comment by abitrolly in Zero Days (2016) - Stuxnet, a piece of self-replicating computer malware that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target. [01:53:51] by Missing_Trillions
I could be wrong but I'm guessing by the date that the development of the exploit predates the availability of modern fuzzing software.
abitrolly t1_j4hkjjs wrote
Fuzzing is a method of putting unexpected stuff into function parameters. You can write a fuzzer yourself, like `for x in random(): call(x)`.
charleswj t1_j4hsj4b wrote
That's only part of it. It's purpose is to discover vulnerabilities. That's not what was happening there
Optimistic__Elephant t1_j4nvpoj wrote
What does this fuzzing accomplish? Is the idea to find an input that returns an error of some sort?
abitrolly t1_j5b6xmw wrote
Find the value that will bypass safety checks and destabilize connected hardware. Just sending random noize might not help, so the fuzzer could try to steadily increase some values or execute another logic that is known to be harmful for typical process control mechanisms. I called it fuzzer because I assume it doesn't know what is the real mechanism on the other end. If you have source code and schematic of the plant, you don't need to guess and can directly write targeted destructive code.
Viewing a single comment thread. View all comments