L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing

Haram Park, Carlos Kayembe Nkuba, Seunghoon Woo, Heejo Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer to detect vulnerabilities in Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much less packet rejection ratio compared to the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities from eight real-world Bluetooth devices.

Original languageEnglish
Title of host publicationProceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages343-354
Number of pages12
ISBN (Electronic)9781665416931
DOIs
Publication statusPublished - 2022
Event52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 - Baltimore, United States
Duration: 2022 Jun 272022 Jun 30

Publication series

NameProceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022

Conference

Conference52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
Country/TerritoryUnited States
CityBaltimore
Period22/6/2722/6/30

Bibliographical note

Publisher Copyright:
© 2022 IEEE.

Keywords

  • Bluetooth
  • Fuzz Testing
  • Wireless Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing'. Together they form a unique fingerprint.

Cite this