Security News > 2020 > May > New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows
With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems.
"USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems, one bug in FreeBSD, three in macOS, and four in Windows 8 and Windows 10, and one bug in the Linux USB host controller driver and another one in a USB camera driver," Hui Peng and Mathias Payer explained.
USBFuzz, which Peng and Payer plan to open source on GitHub in the near future, is a modular testing framework that can be used for fuzzing USB drivers in different OS kernels.
"Fuzzing device drivers is challenging due to the difficulty in providing random input from a device. Dedicated programmable hardware devices are expensive and do not scale as one device can only be used to fuzz one target. More importantly, it is challenging to automate fuzzing on real hardware due to the required physical actions for each test," the researchers explained the motivation for creating USB-Fuzz.
"At its core, USB-Fuzz uses a software-emulated USB device to provide random device data to drivers. As the emulated USB device works at the device level, porting it to other platforms is straight-forward."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/iR7wKRff_K4/
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Fake AI video generators infect Windows, macOS with infostealers (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)