TY - GEN
T1 - L2Fuzz
T2 - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
AU - Park, Haram
AU - Nkuba, Carlos Kayembe
AU - Woo, Seunghoon
AU - Lee, Heejo
N1 - Funding Information:
We appreciate the anonymous reviewers and our shepherd for their helpful comments. This work was supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-01697 Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security, No.2019-0-01343 Regional Strategic Industry Convergence Security Core Talent Training Business, and No.IITP-2022-2020-0-01819 ICT Creative Consilience program).
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer to detect vulnerabilities in the Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much lower packet rejection ratio compared to the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities in eight real-world Bluetooth devices.
AB - Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer to detect vulnerabilities in the Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much lower packet rejection ratio compared to the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities in eight real-world Bluetooth devices.
KW - Bluetooth
KW - Fuzz Testing
KW - Wireless Security
UR - http://www.scopus.com/inward/record.url?scp=85136335950&partnerID=8YFLogxK
U2 - 10.1109/DSN53405.2022.00043
DO - 10.1109/DSN53405.2022.00043
M3 - Conference contribution
AN - SCOPUS:85136335950
T3 - Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
SP - 343
EP - 354
BT - Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 June 2022 through 30 June 2022
ER -