The Universal Serial Bus (USB) connects external devices to a host. This interface exposes OS kernels and device drivers to attacks by malicious devices.
To help find the resulting bugs, EPFL researchers have developed a new security tool called USBFuzz that identifies vulnerabilities in the USB driver stacks of widely used operating systems, including Linux, Windows, and macOS.
USBFuzz is a portable, flexible, and modular framework for fuzz testing USB drivers. A fuzzer is software that tests a computer’s ability to thwart an attack. At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers.
USBFuzz works by delivering bits of random data to a target computer before autonomously observing how well the computer’s software handles the unexpected inputs.
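To make the idea concrete, here is an added example (not USBFuzz code and not from the researchers) of the driver-side problem that random device data probes: a parser that must validate every length field a device supplies, exercised by a small random-input loop. It assumes the standard USB descriptor layout (`bLength`, `bDescriptorType`, `wTotalLength`), which the article itself does not go into; `count_endpoints`, `fuzz` and `SAMPLE` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

enum { DT_CONFIG = 2, DT_ENDPOINT = 5 };   /* standard USB descriptor types */
/* Constructed sample: configuration (9) + interface (9) + endpoint (7) bytes. */
const uint8_t SAMPLE[25] = { 9, 2, 25, 0, 1, 1, 0, 0x80, 50,
                             9, 4, 0, 0, 1, 3, 0, 0, 0,
                             7, 5, 0x81, 3, 8, 0, 10 };

/* Count endpoint descriptors in a device-supplied blob; -1 if any length is inconsistent. */
int count_endpoints(const uint8_t *buf, size_t len) {
    if (len < 9 || buf[0] != 9 || buf[1] != DT_CONFIG)
        return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);   /* wTotalLength */
    if (total < 9 || total > len)          /* claimed size vs. bytes received */
        return -1;
    int n = 0;
    for (size_t off = 9; off < total; off += buf[off]) {
        if (total - off < 2 || buf[off] < 2 || buf[off] > total - off)
            return -1;                     /* truncated, zero-length or overrun */
        if (buf[off + 1] == DT_ENDPOINT && buf[off] < 7)
            return -1;                     /* endpoint descriptor too short */
        n += (buf[off + 1] == DT_ENDPOINT);
    }
    return n;
}

static uint32_t xorshift32(uint32_t *s) {  /* small deterministic PRNG */
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s;
}

/* Feed `rounds` random blobs to the parser; return the number of invariant violations. */
int fuzz(uint32_t seed, int rounds) {
    uint8_t buf[64] = {0};
    int violations = 0;
    for (int i = 0; i < rounds; i++) {
        size_t len = xorshift32(&seed) % (sizeof buf + 1);
        for (size_t j = 0; j < len; j++)
            buf[j] = (uint8_t)xorshift32(&seed);
        if (len >= 2) { buf[0] = 9; buf[1] = DT_CONFIG; }   /* pass header check */
        int r = count_endpoints(buf, len);
        if (r < -1 || r > (int)(len / 7)) violations++;     /* endpoints need >= 7 bytes each */
    }
    return violations;
}

int main(void) {
    printf("sample=%d violations=%d\n", count_endpoints(SAMPLE, 25), fuzz(1, 100000));
}
```

Building with `-fsanitize=address` turns any out-of-bounds read that a missing check would allow into an immediate abort, which is how memory bugs of this kind surface during fuzzing.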
Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), said, “Fuzzing is the widely used technique to find bugs. It relies on providing random data to programs. USBFuzz now extends this approach to testing external peripherals across the software-hardware barrier. Peripherals are notoriously hard to test, and USBFuzz provides an automated approach to doing so.”
Using USBFuzz, scientists identified 26 new vulnerabilities that could potentially be exploited by malicious actors, including 16 memory bugs of high security impact in various Linux subsystems.
Three vulnerabilities were found in the macOS operating system, four in Windows, and one in FreeBSD.
Scientists are now working with the security teams of Linux, Android, Microsoft, and Apple to report and fix the discovered vulnerabilities. Thus far, 11 of the new memory bugs have already been resolved.