Abstract
Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2FUZZ, a stateful fuzzer to detect vulnerabilities in Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2FUZZ can generate valid malformed packets that are less likely to be rejected by the target device. Our experimental results confirmed that: (1) L2FUZZ generates up to 46 times more malformed packets with a much less packet rejection ratio compared to the existing techniques, and (2) L2FUZZ detected five zero-day vulnerabilities from eight real-world Bluetooth devices.
Original language | English |
---|---|
Title of host publication | Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 343-354 |
Number of pages | 12 |
ISBN (Electronic) | 9781665416931 |
DOIs | |
Publication status | Published - 2022 |
Event | 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 - Baltimore, United States Duration: 2022 Jun 27 → 2022 Jun 30 |
Publication series
Name | Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 |
---|
Conference
Conference | 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022 |
---|---|
Country/Territory | United States |
City | Baltimore |
Period | 22/6/27 → 22/6/30 |
Bibliographical note
Publisher Copyright:© 2022 IEEE.
Keywords
- Bluetooth
- Fuzz Testing
- Wireless Security
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
- Information Systems
- Information Systems and Management
- Safety, Risk, Reliability and Quality