New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows - Help Net Security

New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows - Help Net Security

With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems.


“USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems (USB core, USB sound, and network), one bug in FreeBSD, three in macOS (two resulting in an unplanned reboot and one freezing the system), and four in Windows 8 and Windows 10 (resulting in Blue Screens of Death), and one bug in the Linux USB host controller driver and another one in a USB camera driver,” Hui Peng and Mathias Payer explained.


11 of the Linux bugs have already received a patch.


Making fuzzing USB drivers easier


USBFuzz, which Peng and Payer plan to open source on GitHub in the near future, is a modular testing framework that can be used for fuzzing USB drivers in different OS kernels.



Fuzzing (or fuzz testing) involves the automated inputing of invalid, unexpected, or random data into software (in this case drivers), looking how the program behaves – whether it crashes, shows memory leaks, etc. – and checking whether these behaviors can be exploited for malicious ends.


“Fuzzing device drivers is challenging due to the difficulty in providing random input from a device. Dedicated programmable hardware devices are expensive and do not scale as one device can only be used to fuzz one target. More importantly, it is challenging to automate fuzzing on real hardware due to the required physical actions (attaching and detaching the device) for each test,” the researchers explained the motivation for creating USB-Fuzz.


They wanted to make the fuzing device cost-effecti ..