"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba




"Codenomicon has found a critical focus area which expands beyond web testing, where the XML industry has an opportunity to proactively assess the security holes contained in everyday services used by the general public. I would hope the industry warmly welcomes both the research results and an innovative testing solution to help diagnose the problems."

Prof. Howard A. Schmidt
former White House Cyber Security advisor & Codenomicon board member


DEFENSICS™ for Bluetooth

Codenomicon Defensics for Bluetooth



Introduction

Bluetooth technology is all around us. It is used, for example, in computers, mobile phones, handsfree equipment, and car audio systems. Unfortunately, Bluetooth systems have little or no tolerance for malformed input: test results from plugfests show a failure rate of over 80%. Exploits or malfunctioning devices can cause serious problems with device operation and service availability. Bluetooth device operation may slow down, or the device may show unusual behavior or crash completely. This causes degraded quality of service and even denial of service (DoS). In a worst-case scenario, malformed input can be used by an outside attacker to gain unauthorized access to a Bluetooth device.

Bluetooth testing mostly focuses on conformance testing, and security threats are downplayed because they are thought to be handled by authentication and device pairing. However, several message sequences take place before authentication, and vulnerabilities in these message sequences will be triggered regardless of the security measures employed. This is a problem in particular with L2CAP, since it does not require pairing. This means that L2CAP can be targeted without the user accepting or even noticing the attack.

Fuzz testing is a critical testing technique for revealing reliability issues in wireless communications. It is the most efficient testing method for finding both previously known and unknown vulnerabilities in software. Codenomicon Defensics for Bluetooth is a model-based fuzzing solution that addresses the challenges of systematically testing Bluetooth applications and networks. Defensics will find the majority of Bluetooth threats proactively and helps you harden your systems before deployment.

Bluetooth security

There are several common misconceptions about Bluetooth security that undermine the importance of proper testing. People think that authentication is enough security when it comes to Bluetooth. They think that since the Bluetooth device contains nothing valuable, no one will attack it. They believe that the conformance testing done by vendors is enough.

The truth is, of course, that there are exploits for Bluetooth already out there, and they are used to attack Bluetooth devices, either just for fun or to target a prominent company or person. What is more, it does not require an outside attacker to trigger a Bluetooth vulnerability. Malfunctioning or non-conforming equipment, when contacted or paired, can send malformed data by accident.

Defensics for Bluetooth

Bluetooth technologies have had more than their share of security problems. Such incidents are always costly both in terms of sales and reputation. Defensics enables you to find and fix critical security flaws before any problems occur.

  • THE ONLY PROTOCOL TEST TOOL FOR BLUETOOTH: Most security tests look for known, reported vulnerabilities, whereas Defensics tests the unknown. Defensics for Bluetooth is the only tool that enables you to find zero-day bugs in Bluetooth networks and applications.
  • TESTS THE ENTIRE BLUETOOTH SOFTWARE HOST STACK: Test your entire Bluetooth application from the L2CAP layer. Defensics for Bluetooth contains ready-made tests for all Bluetooth protocols. With the DEFENSICS test platform, you can test different protocols simultaneously.
  • REQUIRES NO TESTING EXPERIENCE: You don't need to be an expert in Bluetooth protocols to test your systems thoroughly. With Defensics, the expertise needed is built into the tools.

Test suite technical data

Here are the test suites that belong to the Bluetooth test suite package. See the Codenomicon Robustness Tester for Bluetooth Data Sheet (http://www.codenomicon.com/products/bluetooth.shtml) for more information.

  • L2CAP
  • SDP
  • RFCOMM
  • OPP
  • FTP
  • IrMC Synch
  • BIP
  • BPP
  • BNEP
  • HFP
  • HSP
  • DUN
  • PBAP
  • FAX
  • AVRCP
  • A2DP
  • HCRP
  • HID
  • SAP
  • HFP Client
  • HSP Client
  • HDP