DeepAI AI Chat
Log In Sign Up

L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing

07/30/2022
by   Haram Park, et al.
Korea University
0

Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer to detect vulnerabilities in Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much less packet rejection ratio compared to the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities from eight real-world Bluetooth devices.

READ FULL TEXT
01/01/2021

PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification

End-user-devices in the current cellular ecosystem are prone to many dif...
06/26/2019

Men-in-the-Middle Attack Simulation on Low Energy Wireless Devices using Software Define Radio

The article presents a method of organizing men-in-the-middle attack and...
01/18/2019

IoT Device Fingerprint using Deep Learning

Device Fingerprinting (DFP) is the identification of a device without us...
02/18/2020

Discovering ePassport Vulnerabilities using Bisimilarity

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented...
10/04/2021

BLEnD: Improving NDN Performance Over Wireless Links Using Interest Bundling

Named Data Networking (NDN) employs small-sized Interest packets to retr...
08/21/2020

One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers

With the increasing complexity of embedded systems, the firmware has bec...