The New Ways to Break Mobile and Embedded Software: An Interview with Jon Hagar

With more than thirty years of experience in software, Jon Hagar brings a wealth of knowledge to our community, and he shares a great amount of it in his new book, Software Test Attacks to Break Mobile and Embedded Devices. Jon sat down with us to discuss the true future of testing.
Noel: Hi, Jon. I wanted to give you a chance to talk a little about your new book, Software Test Attacks to Break Mobile and Embedded Devices. What made you want to write it? Honestly, it seems like a great time for a book like this, given that embedded software is on everyone's minds these days, whether they know it or not. And please feel free to let the readers know where they can find your book!
Jon: Thank you, Noel. The book is out now and is available in both e-reader and hardcopy format from various sellers, like Amazon, Google, and the CRC Press website.
I think the time is ripe for a book specific to testing mobile and embedded software devices, given the growth of software in these. We are seeing “smart” systems everywhere: cars, planes, light switches, TVs—you name it. If it is electronic, it seems somebody wants to make it “smart” or smarter.
Likewise, the mobile and smartphone devices with apps are growing at high rates—much faster than traditional computing platforms. Such explosive growth is familiar in the high-tech world. We saw it first in computers, then personal computers, and then the so-called “dot com” web world growth. Each time it seemed with the rush to market with software, quality took a back seat. But then, not every company producing software in these explosions survived. Many of the companies that did survive balanced quality of software with cost to produce and time to market. Testers should provide the key information about the qualities of software.
There is no one answer about what a “quality key” is, and there is no “best practice” in testing, but for companies producing mobile and embedded software, they must consider using testing to help balance the quality-to-cost-to-schedule equation. Companies need to see test not as a tax, but as a resource to provide decision makers with useful data points with which to make decisions.
I wrote this book to capture aspects of the mental models I had developed over thirty years of testing mobile and embedded systems. I came to realize that I had a mental error taxonomy that guided my testing. I spent years searching public records to first create a written taxonomy. Then I published the data (and it is in the book), and it won "best paper" at a STARWEST conference in 2010. Next, I started thinking about James Whittaker’s work on attack-based testing and realized that my taxonomy and the mental models I had could lead me to doing attacks the way Whittaker described, but my attacks were different because embedded and mobile had unique sub-capabilities and bugs.
So, I started writing and creating attack patterns to address errors that the taxonomy indicated were common. The attacks expanded in the areas where mobile and embedded devices are now going, such as security, gaming, communication, performance, and controls. I did years of work on this while embedded and mobile software grew. The mobile and embedded software world is a moving target, but I believe the book serves as a starting point for testers to find patterns to apply in their testing, and then to expand into their own mental models. Finally, I hope the book can help traditional IT testers move into the mobile-embedded world.
