New software security tool to detect bugs in OS

A portable, flexible, and modular framework for fuzz testing USB drivers.

Follow us onFollow Tech Explorist on Google News

The Universal Serial Bus (USB) connects external devices to a host. This interface exposes the OS kernels and device drivers to attacks by malicious devices.

To help detect such vulnerabilities, EPFL researchers have come up with a new security tool called USBFuzz to identify vulnerabilities in the USB driver stacks of widely used operating systems, including Linux, Windows, and macOS.

USBFuzz is a portable, flexible, and modular framework for fuzz testing USB drivers. Its software called fuzzer test a computer’s ability to thwart an attack. At its core, it uses a software-emulated USB device to provide random device data to drivers.

USBFuzz works by delivering bits of random data to a target computer before autonomously observing how well the computer’s software handles the unexpected inputs.

Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), said“Fuzzing is the widely used technique to find bugs. It relies on providing random data to programs. USBFuzz now extends this approach to testing external peripherals across the software-hardware barrier. Peripherals are notoriously hard to test, and USBFuzz provides an automated approach to doing so.”

Using USBFuzz, scientists identified 26 new vulnerabilities that could potentially be exploited by malicious actors, including 16 memory bugs of high-security impact in various Linux subsystems.

Three vulnerabilities were found in the macOS operating system, four in Windows, and one in FreeBSD.

Scientists are now working with the security teams of Linux, Android, Microsoft, and Apple to report and fix the discovered vulnerabilities. Thus far, 11 of the new memory bugs have already been resolved.

References:
  1. USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation.
Up next

Researchers reveal ambient light sensors on smart devices can be used as cameras

Ambient light sensors on smart devices to capture touch interaction images like swiping and tapping.

Using radio waves to remotely monitor nuclear weapons stockpiles

Researchers proposed a new method for monitoring nuclear disarmament treaties.
Recommended Books
The Cambridge Handbook of the Law, Policy, and Regulation for Human–Robot Interaction (Cambridge Law Handbooks)

The Cambridge Handbook of the Law, Policy, and Regulation for Human-Robot...

Book By
Cambridge University Press
Picks for you

Hubble sees a rare ‘bullseye’ galaxy with nine mesmerizing rings

Clay could power the future of screens

Bones respond positively to external forces

Unexpected magnetism in atomically thin material discovered and explained

New ultrathin conductor promises more efficient, cooler electronics