CN117177245A - WIFI safety test method, system and equipment for vehicle - Google Patents
WIFI safety test method, system and equipment for vehicle Download PDFInfo
- Publication number
- CN117177245A CN117177245A CN202311049207.3A CN202311049207A CN117177245A CN 117177245 A CN117177245 A CN 117177245A CN 202311049207 A CN202311049207 A CN 202311049207A CN 117177245 A CN117177245 A CN 117177245A
- Authority
- CN
- China
- Prior art keywords
- test
- wifi
- vehicle
- vulnerability
- tested vehicle
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000009781 safety test method Methods 0.000 title claims abstract description 7
- 238000012360 testing method Methods 0.000 claims abstract description 327
- 238000011076 safety test Methods 0.000 claims abstract description 23
- 238000000034 method Methods 0.000 claims abstract description 19
- 238000012986 modification Methods 0.000 claims abstract description 12
- 230000004048 modification Effects 0.000 claims abstract description 12
- 238000004422 calculation algorithm Methods 0.000 claims description 11
- 238000010998 test method Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 5
- 230000006870 function Effects 0.000 description 7
- 238000005422 blasting Methods 0.000 description 4
- 238000012790 confirmation Methods 0.000 description 4
- 230000007613 environmental effect Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004904 shortening Methods 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The application discloses a WIFI safety test method, a system and equipment for a vehicle, wherein the method is applied to test equipment and comprises the following steps: establishing WIFI connection with the tested vehicle; acquiring a plurality of test instructions, transmitting the plurality of test instructions to a tested vehicle based on WIFI connection, so that the tested vehicle executes the plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; receiving a test result sent by a tested vehicle; if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion. The method and the device solve the technical problem of low WIFI safety test efficiency of the vehicle.
Description
Technical Field
The application belongs to the technical field of information security testing, and particularly relates to a WIFI security testing method, system and equipment for a vehicle.
Background
With the development of intelligent networking vehicles, vehicles face more and more risks of information security attack, and lawbreakers can easily acquire personal information and user data stored on the vehicles and even control and hold the vehicles by illegally invading WIFI (Wireless Fidelity, wireless network) of the vehicles. In the technology disclosed in the present stage, only the test content and the connection mode of the vehicle WIFI information security are simply related, and no scheme can carry out integrity test verification on the vehicle WIFI information security, including the completion of the construction, test execution, test analysis and test recording functions of a test environment, manual confirmation and other operations are required, and single-item stepwise operation is required, so that the time required by the test process and the result analysis of the vehicle information security test is too long. Therefore, the low WIFI safety test efficiency of the vehicle is a technical problem to be solved urgently.
Disclosure of Invention
The embodiment of the application provides a WIFI safety test method, a system and equipment for a vehicle, which solve the technical problem of low WIFI safety test efficiency of the vehicle.
In a first aspect, an embodiment of the present application provides a WIFI security test method for a vehicle, applied to a test device, where the method includes: establishing WIFI connection with the tested vehicle; acquiring a plurality of test instructions, and transmitting the plurality of test instructions to the tested vehicle based on the WIFI connection so that the tested vehicle executes the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result; receiving the test result sent by the tested vehicle; and if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a modification suggestion of the vulnerability.
With reference to the first aspect of the present application, in some implementations, the sending, based on the WIFI connection, the plurality of test instructions to the vehicle under test includes: transmitting one test instruction of the plurality of test instructions to the tested vehicle so as to enable the tested vehicle to perform the current test of the WIFI safety test; and responding to the current test completion signal fed back by the tested vehicle, selecting a next test instruction from the plurality of test instructions and sending the next test instruction to the tested vehicle.
With reference to the first aspect of the present application, in some implementations, the sending, based on the WIFI connection, the plurality of test instructions to the vehicle under test includes: and sending the plurality of test instructions to the tested vehicles one by one according to a preset time interval, so that the tested vehicles carry out WIFI safety test according to the receiving sequence.
With reference to the first aspect of the present application, in some implementations, the sending, based on the WIFI connection, the plurality of test instructions to the vehicle under test includes: and merging the plurality of test instructions to obtain a test instruction set, and sending the test instruction set to the tested vehicle.
With reference to the first aspect of the present application, in some embodiments, the acquiring a plurality of test instructions includes: acquiring a plurality of test contents; and adding executable commands to the plurality of test contents to obtain the plurality of test instructions.
With reference to the first aspect of the present application, in some embodiments, the plurality of test contents includes at least two of: the vulnerability test content of the protocol stack; testing content by a weak encryption algorithm; denial of service attack test content; weak password test content; port open test content; and fishing attack test contents.
With reference to the first aspect of the present application, in some embodiments, the generating a vulnerability test report according to the test result includes: based on the test result, acquiring a plurality of holes existing in WIFI of the tested vehicle; scoring the plurality of loopholes according to a preset hazard scoring principle to obtain loophole grades corresponding to the plurality of loopholes; and obtaining the vulnerability test report based on the plurality of vulnerabilities and the vulnerability grade corresponding to each vulnerability.
In a second aspect, an embodiment of the present application provides a WIFI security test method for a vehicle, which is applied to a tested vehicle, including: receiving and responding to a WIFI connection request sent by test equipment, so that the test equipment obtains a plurality of test instructions and then sends the plurality of test instructions based on the WIFI connection; receiving the plurality of test instructions; executing the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result; and sending the test result to the test equipment so that if the test result represents that the WIFI of the tested vehicle has potential safety hazards, the test equipment generates a vulnerability test report according to the test result.
In a third aspect, an embodiment of the present application provides a WIFI security test system for a vehicle, where the system includes a vehicle under test and a test device; the test equipment is used for establishing WIFI connection with the tested vehicle; the tested vehicle is used for receiving and responding to the WIFI connection request sent by the test equipment; the test equipment is further used for acquiring a plurality of test instructions, and sending the test instructions to the tested vehicle based on the WIFI connection; the tested vehicle is further used for receiving the plurality of test instructions; executing the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result; transmitting the test result to the test equipment; the test equipment is also used for receiving the test result sent by the tested vehicle; and if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a modification suggestion of the vulnerability.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of the first or second aspects when the computer program is executed.
The one or more technical solutions provided by the embodiments of the present application at least achieve the following technical effects or advantages:
according to the embodiment of the application, the WIFI connection is established with the tested vehicle; acquiring a plurality of test instructions, transmitting the plurality of test instructions to a tested vehicle based on WIFI connection, so that the tested vehicle executes the plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; receiving a test result sent by a tested vehicle; if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion. The test equipment sends a plurality of test instructions to the tested vehicle so that the tested vehicle executes the plurality of test instructions and generates a vulnerability test report according to the test result, thereby avoiding manual confirmation and other operations and shortening the test process of the vehicle information safety test and the time required by result analysis. Therefore, the WIFI safety test efficiency of the vehicle is improved.
Meanwhile, the automation degree of the WIFI safety test of the vehicle is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a WIFI security test system of a vehicle according to an embodiment of the application;
fig. 2 is a flowchart of a WIFI security test method of a vehicle according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The description as it relates to "first", "second", etc. in the present application is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present application.
The embodiment of the application provides a WIFI safety test system of a vehicle, which is shown by referring to FIG. 1, and comprises a tested vehicle and test equipment; the test equipment is used for establishing WIFI connection with the tested vehicle; the tested vehicle is used for receiving and responding to the WIFI connection request sent by the test equipment; the test equipment is also used for acquiring a plurality of test instructions and transmitting the plurality of test instructions to the tested vehicle based on the WIFI connection; the vehicle to be tested is also used for receiving a plurality of test instructions; executing a plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; transmitting the test result to the test equipment; the test equipment is also used for receiving a test result sent by the tested vehicle; if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion.
The embodiment of the application provides a WIFI safety test method for a vehicle, which is applied to test equipment. Referring to fig. 2, the method includes the following steps S101 to S104:
s101: and establishing WIFI connection with the tested vehicle.
It can be appreciated that the tested vehicle receives and responds to the WIFI connection request sent by the testing device, and establishes the WIFI connection between the testing device and the tested vehicle.
S102: and acquiring a plurality of test instructions, and transmitting the plurality of test instructions to the tested vehicle based on the WIFI connection so as to enable the tested vehicle to execute the plurality of test instructions, and performing safety test on the WIFI of the tested vehicle to obtain a test result.
It will be appreciated that the method of retrieving a plurality of test instructions comprises the steps of: acquiring a plurality of test contents; and adding executable commands to the plurality of test contents to obtain a plurality of test instructions.
Wherein the plurality of test contents includes at least two of: protocol stack vulnerability test content, weak encryption algorithm test content, denial of service attack test content, weak password test content, port open test content, and phishing attack test content.
Specifically, the protocol stack vulnerability test content may be downloading a WIFI protocol stack vulnerability detection script from a CVE (Common Vulnerabilities & Exposures, public vulnerability and exposure) or CNNVD (China National Vulnerability Database of Informatio, china national information security vulnerability library) official network. The weak encryption algorithm test content can be an encryption algorithm which is internally provided with a WIFI protocol detection function and used for identifying WIFI. The denial of service attack test content may be a DOS attack script with WIFI built in. The weak password test content can be a script for cracking the WIFI password, wherein the script is a built-in password dictionary library. The port opening test content may be a script that scans the WIFI port to determine the opened port. The phishing attack test content can be a script which simulates the similar name and encryption mode of a connected mobile phone WIFI network, connects a vehicle WIFI and requests sensitive information or personal data from the vehicle.
It will be appreciated that the transmission of a plurality of test instructions to the vehicle under test based on the WIFI connection may include a variety of embodiments, each of which is described below:
embodiment one:
transmitting one test instruction of the plurality of test instructions to the tested vehicle so as to enable the tested vehicle to perform the current test of the WIFI safety test; and responding to the current test completion signal fed back by the tested vehicle, selecting the next test instruction from the plurality of test instructions and sending the next test instruction to the tested vehicle.
It can be understood that the method of selecting the next test instruction from the plurality of test instructions to be sent to the tested vehicle may be sending according to a preset sequence or randomly selecting to be sent. After receiving the current test completion signal, the next instruction is sent, so that the ordered proceeding of the WIFI safety test of the vehicle can be ensured, and the reliability of the test result is improved.
Embodiment two:
and sending a plurality of test instructions to the tested vehicles one by one according to a preset time interval so as to enable the tested vehicles to carry out WIFI safety test according to the receiving sequence.
The method and the device have the advantages that the preset time interval is set, the orderly proceeding of the WIFI safety test of the vehicle can be guaranteed, and the credibility of the test result is improved.
Embodiment III:
and merging the plurality of test instructions to obtain a test instruction set, and sending the test instruction set to the tested vehicle.
It should be noted that, the multiple test instructions are combined to obtain the test instruction set, and the current test is not required to be sent after the completion of the current test, so that the test efficiency can be improved, and the test time is avoided being too long.
It can be appreciated that after the test device sends a plurality of test instructions to the vehicle under test based on the WIFI connection, the vehicle under test receives the plurality of test instructions; executing a plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; and sending the test result to the test equipment.
S103: and receiving a test result sent by the tested vehicle.
S104: if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion.
It should be noted that the vulnerability information includes a specific vulnerability type and a corresponding vulnerability level.
It can be understood that the method for generating the vulnerability test report according to the test result includes steps S1041 to S1043:
s1041: based on the test result, a plurality of holes existing in the WIFI of the tested vehicle are obtained.
It can be understood that the loopholes determined in step S1041 are as follows:
and if the obtained vulnerability information and the feature value are matched with the vulnerability information and the feature value of the protocol stack vulnerability, determining the vulnerability as the protocol stack vulnerability. The vulnerability level may be consistent with the CVE or CNNVD network.
If the weak encryption algorithm is the WPA algorithm, determining that a weak encryption vulnerability exists. If the weak encryption algorithm is the WPA2 algorithm, the WPA2-PSK algorithm or the WPA3 algorithm, the weak encryption vulnerability is determined to be absent.
If WIFI is not able to communicate normally when suffering from denial of service attack, it is determined that a denial of service attack vulnerability exists. If WIFI is able to communicate normally when suffering from a denial of service attack, it is determined that no denial of service attack vulnerability exists.
If the blasting is successful when the dictionary is used for blasting, the existence of weak password holes is determined. If the blasting is unsuccessful when the dictionary is used for blasting, the weak password vulnerability is determined to be absent. The password dictionary is composed according to common passwords and comprises pure numbers, birthdays, names and the like, and comprises publicly available password dictionaries, custom password dictionaries and revealed password libraries.
If the WIFI module is checked to open the dangerous port, determining that a port opening loophole exists. Among other things, common hazard ports: management ports, providing WIFI devices with specific ports for management and configuration, such as 80 (HTTP) and 443 (HTTPs), may result in unauthorized access and manipulation of the devices if these ports are not properly configured or are abused by an attacker. Open ports, some WIFI networks may open ports for specific services or applications, such as FTP (port 21), telnet (port 23), etc., which may be utilized by an attacker for unauthorized access or attack without appropriate security measures. File sharing port, some WIFI networks may enable file sharing functions, such as SMB (port 445) or AFP (port 548). Incorrect configuration or protection of these file sharing ports may result in unauthorized network access and file leakage. VPN ports, virtual Private Networks (VPNs), typically use specific ports for secure communications. If the VPN port on the Wi-Fi device is not properly configured or protected, it may result in data leakage or attacks in the VPN connection. UPnP ports, universal plug and play protocol (UPnP), can help devices automatically configure networks and port forwarding. However, a UPnP port that is not properly configured and protected may be a portal for an attacker to enter the network and attack other devices.
Simulating a similar name and encryption mode of a connected mobile phone WIFI network, connecting a vehicle WIFI, requesting sensitive information or personal data from the vehicle, and if the sensitive information or the personal data of the vehicle can be obtained, determining that a phishing attack vulnerability exists. If the vehicle sensitive information or the personal data cannot be acquired, the fact that the phishing attack vulnerability does not exist is determined.
S1042: scoring the plurality of loopholes according to a preset hazard scoring principle to obtain loophole grades corresponding to the plurality of loopholes.
It can be understood that the method for scoring the plurality of vulnerabilities according to the preset hazard scoring principle may be: multiple vulnerabilities are scored based on a base score, a time score, and an environmental score.
Specifically, the Base score (Base): the original property of the vulnerability is not affected by time and environment, but is measured by the executable (outline) and the degree of influence (Impact). The basic scoring principle is as follows: first, each security hole must be individually assessed and cross-influences with other security holes cannot be considered. Second, only the direct impact of the vulnerability is considered, and the indirect impact is not considered. Third, the impact of vulnerabilities is evaluated in terms of commonly used rights. Fourth, scoring is based on the maximum impact of the vulnerability. Time minutes (Temporal): the vulnerability is not affected by the environment over time, as a simple example, as patches for one vulnerability software continue to increase, the CVSS (Common Vulnerability Scoring System, universal vulnerability scoring system) score for the vulnerability decreases. Environmental division (Environmental): the score representing the execution vulnerability in a particular environment allows the score to be increased or decreased according to the corresponding business needs. Typically, the environmental score requires the end user to evaluate and calculate. The scoring field is used to record or transmit the CVSS quantitative information in a compact form, and the scoring field should score in the order shown in tables 1 and 2. Wherein the basis is divided into necessary options, and the time and environment are divided into selectable options. Each Metric Value (Metric Value) has an associated constant (Numerical Value) that is used in the formula.
Table 1:
table 2:
by the method, the plurality of loopholes are scored, and then, the loopholes grades corresponding to the plurality of loopholes are obtained based on the scoring, which can be shown in table 3. The scoring range of the loopholes is 0-10.0, and is divided into five grades of super-risk (critical), high-risk (high), medium-risk (medium), low-risk (low) and none (none).
Table 3:
| grade | Scoring of |
| Without any means for | 0 |
| Low risk of | 0.1-3.9 |
| Medium risk | 4-6.9 |
| High risk | 7-8.9 |
| Super-danger | 9-10 |
S1043: and obtaining a vulnerability test report based on the plurality of vulnerabilities and the vulnerability grade corresponding to each vulnerability.
According to the embodiment of the application, the WIFI connection is established with the tested vehicle; acquiring a plurality of test instructions, transmitting the plurality of test instructions to a tested vehicle based on WIFI connection, so that the tested vehicle executes the plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; receiving a test result sent by a tested vehicle; if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion. The test equipment sends a plurality of test instructions to the tested vehicle so that the tested vehicle executes the plurality of test instructions and generates a vulnerability test report according to the test result, thereby avoiding manual confirmation and other operations and shortening the test process of the vehicle information safety test and the time required by result analysis. Therefore, the WIFI safety test efficiency of the vehicle is improved. Meanwhile, the automation degree of the WIFI safety test of the vehicle is improved.
Based on the same inventive concept, the embodiment of the application provides a WIFI safety test method of a vehicle, which is applied to a tested vehicle, and comprises the following steps of S201 to S204:
s201: and receiving and responding to the WIFI connection request sent by the test equipment, so that the test equipment can send a plurality of test instructions based on the WIFI connection after obtaining the plurality of test instructions.
S202: a plurality of test instructions are received.
S203: executing a plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result.
S204: and sending the test result to test equipment so that if the test result represents that the WIFI of the tested vehicle has potential safety hazards, the test equipment generates a vulnerability test report according to the test result.
It should be appreciated that, in the embodiments of the present application, further implementation details of the WIFI security test method applied to a vehicle of a tested vehicle are described with reference to the foregoing WIFI security test method applied to a vehicle of a test device, and are not repeated herein for brevity of description.
Based on the same inventive concept, the embodiment of the present application further provides an electronic device, as shown in fig. 3, including a memory 304, a processor 302, and a computer program stored in the memory 304 and capable of running on the processor 302, where the processor 302 executes the program to implement the WIFI security test method applied to the vehicle of the test device or implement the steps described in any implementation manner of the embodiment of the WIFI security test method applied to the vehicle of the tested vehicle.
Where in FIG. 3 a bus architecture (represented by bus 300), bus 300 may comprise any number of interconnected buses and bridges, with bus 300 linking together various circuits, including one or more processors, represented by processor 302, and memory, represented by memory 304. Bus 300 may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., as are well known in the art and, therefore, will not be described further herein. Bus interface 305 provides an interface between bus 300 and receiver 301 and transmitter 303. The receiver 301 and the transmitter 303 may be the same element, i.e. a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 302 is responsible for managing the bus 300 and general processing, while the memory 304 may be used to store data used by the processor 302 in performing operations.
According to the embodiment of the application, the WIFI connection is established with the tested vehicle; acquiring a plurality of test instructions, transmitting the plurality of test instructions to a tested vehicle based on WIFI connection, so that the tested vehicle executes the plurality of test instructions, and performing security test on WIFI of the tested vehicle to obtain a test result; receiving a test result sent by a tested vehicle; if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a vulnerability modification suggestion. The test equipment sends a plurality of test instructions to the tested vehicle so that the tested vehicle executes the plurality of test instructions and generates a vulnerability test report according to the test result, thereby avoiding manual confirmation and other operations and shortening the test process of the vehicle information safety test and the time required by result analysis. Therefore, the WIFI safety test efficiency of the vehicle is improved. Meanwhile, the automation degree of the WIFI safety test of the vehicle is improved.
The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software that is executed by a processor, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Other examples and implementations are within the scope and spirit of the application and the appended claims. For example, due to the nature of software, the functions described above may be implemented using software executed by a processor, hardware, firmware, hardwired, or a combination of any of these. In addition, each functional unit may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate components may or may not be physically separate, and components as control devices may or may not be physical units, may be located in one place, or may be distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. A WIFI security test method for a vehicle, applied to a test device, the method comprising:
establishing WIFI connection with the tested vehicle;
acquiring a plurality of test instructions, and transmitting the plurality of test instructions to the tested vehicle based on the WIFI connection so that the tested vehicle executes the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result;
receiving the test result sent by the tested vehicle;
and if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a modification suggestion of the vulnerability.
2. The WIFI security testing method of a vehicle according to claim 1, wherein the sending the plurality of test instructions to the vehicle under test based on the WIFI connection includes:
transmitting one test instruction of the plurality of test instructions to the tested vehicle so as to enable the tested vehicle to perform the current test of the WIFI safety test;
and responding to the current test completion signal fed back by the tested vehicle, selecting a next test instruction from the plurality of test instructions and sending the next test instruction to the tested vehicle.
3. The WIFI security testing method of a vehicle according to claim 1, wherein the sending the plurality of test instructions to the vehicle under test based on the WIFI connection includes:
and sending the plurality of test instructions to the tested vehicles one by one according to a preset time interval, so that the tested vehicles carry out WIFI safety test according to the receiving sequence.
4. The WIFI security testing method of a vehicle according to claim 1, wherein the sending the plurality of test instructions to the vehicle under test based on the WIFI connection includes:
and merging the plurality of test instructions to obtain a test instruction set, and sending the test instruction set to the tested vehicle.
5. The WIFI security test method according to claim 1, wherein the obtaining a plurality of test instructions includes:
acquiring a plurality of test contents;
and adding executable commands to the plurality of test contents to obtain the plurality of test instructions.
6. The WIFI security testing method of vehicles according to claim 5, wherein the plurality of test contents includes at least two of:
the vulnerability test content of the protocol stack;
testing content by a weak encryption algorithm;
denial of service attack test content;
weak password test content;
port open test content; and
fishing attack test content.
7. The WIFI security test method according to claim 1, wherein the generating a vulnerability test report according to the test result includes:
based on the test result, acquiring a plurality of holes existing in WIFI of the tested vehicle;
scoring the plurality of loopholes according to a preset hazard scoring principle to obtain loophole grades corresponding to the plurality of loopholes;
and obtaining the vulnerability test report based on the plurality of vulnerabilities and the vulnerability grade corresponding to each vulnerability.
8. The WIFI safety test method for the vehicle is applied to the tested vehicle and is characterized by comprising the following steps of:
receiving and responding to a WIFI connection request sent by test equipment, so that the test equipment obtains a plurality of test instructions and then sends the plurality of test instructions based on the WIFI connection;
receiving the plurality of test instructions;
executing the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result;
and sending the test result to the test equipment so that if the test result represents that the WIFI of the tested vehicle has potential safety hazards, the test equipment generates a vulnerability test report according to the test result.
9. A WIFI safety test system of a vehicle, which is characterized by comprising a tested vehicle and test equipment;
the test equipment is used for establishing WIFI connection with the tested vehicle;
the tested vehicle is used for receiving and responding to the WIFI connection request sent by the test equipment;
the test equipment is further used for acquiring a plurality of test instructions, and sending the test instructions to the tested vehicle based on the WIFI connection;
the tested vehicle is further used for receiving the plurality of test instructions; executing the plurality of test instructions, and performing security test on the WIFI of the tested vehicle to obtain a test result; transmitting the test result to the test equipment;
the test equipment is also used for receiving the test result sent by the tested vehicle; and if the test result represents that the WIFI of the tested vehicle has potential safety hazards, generating a vulnerability test report according to the test result, wherein the vulnerability test report comprises vulnerability information of the vulnerability of the WIFI of the tested vehicle and a modification suggestion of the vulnerability.
10. An electronic device, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1-7 or the method of any one of claim 8 when the computer program is executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311049207.3A CN117177245A (en) | 2023-08-18 | 2023-08-18 | WIFI safety test method, system and equipment for vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311049207.3A CN117177245A (en) | 2023-08-18 | 2023-08-18 | WIFI safety test method, system and equipment for vehicle |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117177245A true CN117177245A (en) | 2023-12-05 |
Family
ID=88943974
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311049207.3A Pending CN117177245A (en) | 2023-08-18 | 2023-08-18 | WIFI safety test method, system and equipment for vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117177245A (en) |
-
2023
- 2023-08-18 CN CN202311049207.3A patent/CN117177245A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12026261B2 (en) | Quarantine of software by an evaluation server based on authenticity analysis of user device data | |
| US12081540B2 (en) | Configuring access to a network service based on a security state of a mobile device | |
| US20200285761A1 (en) | Security policy manager to configure permissions on computing devices | |
| CN110209583B (en) | Security test method, security test device, security test system, security test equipment and security test storage medium | |
| US20020120575A1 (en) | Method of and apparatus for ascertaining the status of a data processing environment | |
| US20120297476A1 (en) | Verifying Transactions Using Out-of-Band Devices | |
| US9015481B2 (en) | Methods and systems for access security for dataloading | |
| CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
| CN110768951B (en) | Method and device for verifying system vulnerability, storage medium and electronic device | |
| CN113672897A (en) | Data communication method, device, electronic equipment and storage medium | |
| JP2010263310A (en) | Wireless communication device, wireless communication monitoring system, wireless communication method, and program | |
| CN115883170A (en) | Network flow data monitoring and analyzing method and device, electronic equipment and storage medium | |
| EP3745758B1 (en) | Method, device and system for secure connection in wireless communications networks | |
| CN111291372A (en) | Method and device for detecting terminal equipment file based on software gene technology | |
| CN110768950A (en) | Permeation instruction sending method and device, storage medium and electronic device | |
| WO2019047693A1 (en) | Method and device for carrying out wifi network security monitoring | |
| CN101527636B (en) | Platform recognition and management method suitable to ternary-equally recognizing credible network connecting architecture | |
| Visoottiviseth et al. | PITI: Protecting Internet of Things via Intrusion Detection System on Raspberry Pi | |
| CN117177245A (en) | WIFI safety test method, system and equipment for vehicle | |
| CN109842600B (en) | Method for realizing mobile office, terminal equipment and MDM equipment | |
| US10193899B1 (en) | Electronic communication impersonation detection | |
| CN115002775A (en) | Device network access method and device, electronic device and storage medium | |
| US11218297B1 (en) | Onboarding access to remote security control tools | |
| CN116545775B (en) | NFV-based remote trusted network connection method, device and system | |
| AU2021101852A4 (en) | A Threat Model for Threat Detection in IoT Sensor Networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |