"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co Creator of Samba

Codenomicon Presentation


Intelligent Bluetooth Fuzzing - Why Bother?

Presentation at DeepSec 2011

Tommi Mäkilä and Jukka Taimisto
Codenomicon Ltd.


Bluetooth robustness is wretched, no surprise there. Bluetooth test results from plugfests show 80% failure rate, eight out of ten tests end with a crash. It is not pretty, it is sad and frustrating. For a moment, few years back, there seemed to be light at the end of the tunnel: the failures were moving up the Bluetooth stack, and for example L2CAP robustness showed some improvement. Only for a moment though, as recent tests again show a steady decline in results.

In this session, we discuss Bluetooth vulnerabilities and the problems they may cause. We share our test results from plugfests and car kit tests, that will basically demonstrate how easily everything crashes.

Of course, presenting one failed test case after another is not very interesting in the long run. That is why the second part of the presentation consists of discussion on fuzzing techniques and creating intelligent fuzzers for Bluetooth systems. We discuss attack vectors, different approaches and opportunities, and speculate the possibility to break the pairing requirement. We also discuss how and why building intelligent fuzzers is basically a waste of time, since all the test targets will fail even with the less intelligent test suites.

Although it seems to be a widely known and accepted fact that Bluetooth robustness and security leaves a lot to hope for, it is perhaps not known how truly poor it actually is. At least that is what we prefer to believe, otherwise it would mean that Bluetooth manufacturers know about the issues but do not care. Whichever the case, Bluetooth users deserve equipment that they can count on to work. Bluetooth security and robustness testing can and should be done better, that is why this topic needs to be discussed publicly.

Download PDF    pdf

> Contact Codenomicon to know more about fuzzing.