We often fall back on the Universal Serial Bus (USB) to connect the computer with peripheral devices such as keyboards, external hard drives, mice, and webcams. That process exposes the OS kernels and device drivers to attacks by malicious devices. To detect such attacks, Mathias Payer and Hui Peng have developed a USB software security tool called USBFuzz. Mathias Payer leads the HexHive lab in the School of Computer and Communication Sciences (IC) while Hui Peng is a HexHive researcher and currently pursuing his PhD at Purdue University.
Payer and Peng leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers. It uses a software-emulated USB device to provide random device data to drivers. Since the emulated USB device works at the device level, the tool is portable and easy to use across operating systems including Linux, Windows, and macOS.
USBFuzz has helped the scientists detect 26 new vulnerabilities, including 16 memory bugs of high-security impact in various Linux subsystems (USB Core, USB Sound, and network) that had already been subjected to extensive fuzzing tests. Three of the other vulnerabilities were detected in the macOS operating system, four in Windows, and one in FreeBSD. In a paper that will be presented at the Usenix Security Symposium in August, the researchers observe, “The discovery of bugs in FreeBSD, Windows, and macOS highlights the power of our cross-pollination efforts and demonstrates the portability of USBFuzz.”
Payer and Peng are not only isolating vulnerabilities but also working closely with Linux, Android, Microsoft, and Apple to develop patches to fix the bugs. So far, they have successfully resolved 11 of the new memory bugs.
The researchers plan to release USBFuzz on GitHub as an open source project following their presentation at Usenix.