L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing

Haram Park, Carlos Kayembe Nkuba, Seunghoon Woo, Heejo Lee

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

    11 Citations (Scopus)

    Abstract

    Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer that detects vulnerabilities in the Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much lower packet rejection ratio than the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities in eight real-world Bluetooth devices.

    Original language: English
    Title of host publication: Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 343-354
    Number of pages: 12
    ISBN (Electronic): 9781665416931
    DOIs
    Publication status: Published - 2022
    Event: 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 - Baltimore, United States
    Duration: 2022 Jun 27 to 2022 Jun 30

    Publication series

    Name: Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022

    Conference

    Conference: 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
    Country/Territory: United States
    City: Baltimore
    Period: 22/6/27 to 22/6/30

    Bibliographical note

    Publisher Copyright:
    © 2022 IEEE.

    Keywords

    • Bluetooth
    • Fuzz Testing
    • Wireless Security

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Information Systems
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality
