Book Review: Software Test Attacks to Break Mobile and Embedded Devices
Author: Jon Duncan Hagar
Reviewed by Michael D. Sowers

When it comes to testing, I've borrowed the Nike tagline and adapted it as my own mantra: "Just break it." I'm new to mobile and embedded, and I was delighted to discover Jon Duncan Hagar's book Software Test Attacks to Break Mobile and Embedded Devices. It's written for testers as a teaching and reference text to find defects in mobile and embedded software, and it's a book you will certainly want to add to your reference shelf.

Mobile and embedded devices surround us and are becoming more ubiquitous each day. Just ask yourself, "How many untethered devices have I used today?" That new refrigerator that keeps track of your food inventory, your smart microwave, all of the components and controls for your home entertainment system, those hundreds of embedded systems now in your automobile, and, of course, your smartphone, laptop, and tablet—they all contain this technology.

If you're a developer or a tester, mobile is where the future will be. This makes it imperative that all of us in the technical community accelerate our knowledge and fortify our "toolboxes" with techniques and approaches to deliver high-quality, secure, reliable, and highly available mobile and embedded systems. My belief is that the future of work and leisure will be driven by mobile and embedded systems; we will learn, collaborate, manage our lives, and house our digital knowledge all with mobile and embedded systems as the primary interface to our interactive world. If this is the case, every one of us has a critical stake in ensuring that these devices perform (near) flawlessly.

Insights from Software Test Attacks to Break Mobile and Embedded Systems
Whenever I must choose a book from that stack of backlogged "to-be-read" books in my den, I always ask myself, "What benefit will I derive from the time invested?" (Full disclosure: My wife believes this is totally lame as she thinks books are for your reading pleasure—go figure!) Admittedly, I mostly read to learn, to grow, and to challenge my own thinking and mental models. This is just what Jon Hagar's book provides. Whether you're new to mobile and embedded systems or have been working in this area for a while, you will find valuable ideas and guidance in this insightful text.

In twelve concise chapters, Hagar lays out thirty-three patterns for test attacks to break mobile and embedded devices. A few of the chapter titles are “Develop Attacks: Taking the Code Head On,” “Time Attacks: ‘It's about Time,’” and “Human User Interface Attacks: ‘The Limited (and Unlimited) User Interface.’”

In most chapters Hagar tells you at what stage of the project lifecycle to apply the attack, who conducts the attack (developers, testers, users, etc.), in what environment the attack should be conducted, contextual examples of what faults make the attack successful, and how to conduct the attack (for many attacks, a specific set of recommended steps to follow is included).

Each chapter addresses particular dimensions of the mobile and embedded world, such as mobile and smart wireless devices (tablets, phones, etc.), embedded software devices (brake systems, microwaves, etc.), critical mobile devices (pacemakers, medical monitors and controls, etc.), and critical large embedded devices (devices in airplanes, satellites, manufacturing plants, etc.).

Within each chapter there are many tables that assist the reader with key decisions that need to be made in developing and executing test strategies. Hagar has also provided highlighted takeaway notes to emphasize the important points and key questions at the end of each chapter to test your knowledge.

Finally, there are seven appendices and a reference section that provide easy access to information such as a Mobile and Embedded Error Taxonomy, Mobile and Embedded Coding Rules, Basic Time Concepts in Mobile and Embedded, and a UI/GUI and Game Evaluation Checklist. I found this book to meet its stated aim. It provides the reader useful information for strengthening the rate of defect identification in mobile and embedded systems. Hagar provides many insights in multiple dimensions as he shares his knowledge and experience in this text. He has packed a lot of useful material into 343 pages in a straightforward, applicable, and easily referenced way. The book provides a well-organized set of information drawing on other fresh ideas based on the author’s experience as well as long standing texts such as Lee Copland's A Practitioner's Guide to Software Test Design, James Whittaker's Exploratory Software Testing, and Rick Craig's and Stefan Jaskiel's Systematic Software Testing.

The key takeaways for me from Hagar’s well-formed book were the hundreds of ideas presented as he details what to think about when designing, developing, and testing mobile and embedded systems. This is a book that readers can immediately apply. You can easily use it as a key reference for authoring the test strategy and test plan for your current or upcoming testing project that has mobile or embedded components.

Whether you're new to mobile and embedded or you have extensive experience, the book provides valuable insights and new ideas on attacking these classes of software and systems. Developers and testers will find this book useful in both designing code to avoid becoming a victim of such attacks and in designing useful tests to break mobile and embedded systems. It's also a good read for architects and project managers of mobile and embedded systems. If you want to stay current and relevant, read this book!