ATFuzzer
| Autor: | Fabrizio Cicala, Omar Chowdhury, Imtiaz Karim, Syed Rafiul Hussain, Elisa Bertino |
|---|---|
| Rok vydání: | 2020 |
| Předmět: |
Correctness
Computer Networks and Communications Computer science 020206 networking & telecommunications 020207 software engineering 02 engineering and technology Fuzz testing USB computer.software_genre Computer Science Applications law.invention Bluetooth Rule-based machine translation Hardware and Architecture law 0202 electrical engineering electronic engineering information engineering Operating system Cellular network Baseband processor Android (operating system) Safety Research computer Software Information Systems |
| Zdroj: | Digital Threats: Research and Practice. 1:1-29 |
| ISSN: | 2576-5337 2692-1626 |
| Popis: | Application processors of modern smartphones use the AT interface for issuing high-level commands (or AT-commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can be leveraged by malicious USB or Bluetooth peripherals to launch pernicious attacks. In this article, we propose ATFuzzer, which uses a grammar-guided evolutionary fuzzing approach that mutates production rules of the AT-command grammar instead of concrete AT commands to evaluate the correctness and robustness of the AT-command execution process. To automate each step of the analysis pipeline, ATFuzzer first takes as input the 3GPP and other vendor-specific standard documents and, following several heuristics, automatically extracts the seed AT command grammars for the fuzzer. ATFuzzer uses the seed to generate both valid and invalid grammars, following our cross-over and mutation strategies to evaluate both the integrity and execution of AT-commands. Empirical evaluation of ATFuzzer on 10 Android smartphones from 6 vendors revealed 4 invalid AT command grammars over Bluetooth and 14 over USB with implications ranging from DoS, downgrade of cellular protocol version, to severe privacy leaks. The vulnerabilities along with the invalid AT-command grammars were responsibly disclosed to affected vendors and assigned CVE’s. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|