Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities

Wireless LANs (WLAN) are becoming ubiquitous, as more and more consumer electronic equipments start to support them. This creates new security concerns, since hackers no longer need physical connection to the networks linking the devices, but only need to be in their proximity, to send malicious data to exploit some vulnerability. In this paper we present a fuzzer, called Wdev-Fuzzer, which can be utilized to locate security vulnerabilities in Wi-Fi device drivers. Our experiments with a Windows Mobile 5 device indicate that Wdev-Fuzzer can be quite effective in confirming known issues and discovering previously unknown problems.

[1]  Nuno Ferreira Neves,et al.  Robustness Testing of the Windows DDK , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[2]  Daniel P. Siewiorek,et al.  Robustness testing and hardening of CORBA ORB implementations , 2001, 2001 International Conference on Dependable Systems and Networks.

[3]  Neeraj Suri,et al.  Error propagation profiling of operating systems , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[4]  Jacob A. Abraham,et al.  FERRARI: a tool for the validation of system dependability properties , 1992, [1992] Digest of Papers. FTCS-22: The Twenty-Second International Symposium on Fault-Tolerant Computing.

[5]  William J. Bolosky,et al.  Mach: A New Kernel Foundation for UNIX Development , 1986, USENIX Summer.

[6]  Henrique Madeira,et al.  Characterization of operating systems behavior in the presence of faulty drivers through software fault emulation , 2002, 2002 Pacific Rim International Symposium on Dependable Computing, 2002. Proceedings..

[7]  Ravishankar K. Iyer,et al.  Measuring Fault Tolerance with the FTAPE Fault Injection Tool , 1995, MMB.

[8]  Jean Arlat,et al.  Dependability of COTS Microkernel-Based Systems , 2002, IEEE Trans. Computers.

[9]  Henrique Madeira,et al.  Xception: Software Fault Injection and Monitoring in Processor Functional Units1 , 1995 .

[10]  Jean Arlat,et al.  Fault Injection and Dependability Evaluation of Fault-Tolerant Systems , 1993, IEEE Trans. Computers.

[11]  Brian N. Bershad,et al.  Improving the reliability of commodity operating systems , 2005, TOCS.

[12]  Ravishankar K. Iyer,et al.  Characterization of linux kernel behavior under errors , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[13]  Jean Arlat,et al.  Characterization of the impact of faulty drivers on the robustness of the Linux kernel , 2004, International Conference on Dependable Systems and Networks, 2004.

[14]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[15]  Johan Karlsson,et al.  GOOFI: generic object-oriented fault injection tool , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[16]  Philip Koopman,et al.  The Exception Handling Effectiveness of POSIX Operating Systems , 2000, IEEE Trans. Software Eng..

[17]  Peter Oehlert,et al.  Violating Assumptions with Fuzzing , 2005, IEEE Secur. Priv..

[18]  Barton P. Miller,et al.  An empirical study of the reliability of UNIX utilities , 1990, Commun. ACM.

[19]  Charles P. Shelton,et al.  Robustness testing of the Microsoft Win32 API , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[20]  Jean Arlat,et al.  Dependability of CORBA systems: service characterization by fault injection , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..