计算机工程 ›› 2008, Vol. 34 ›› Issue (19): 151-153,.doi: 10.3969/j.issn.1000-3428.2008.19.051

• 安全技术 • 上一篇    下一篇

基于Fuzzing的蓝牙OBEX漏洞挖掘技术

成厚富1,2,张玉清2   

  1. (1. 西安电子科技大学通信工程学院,西安 710071;2. 中国科学院研究生院国家计算机网络入侵防范中心,北京 100043)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-10-05 发布日期:2008-10-05

Bluetooth OBEX Vulnerability Discovery Technique Based on Fuzzing

CHENG Hou-fu1,2, ZHANG Yu-qing2   

  1. (1. School of Telecommunication Engineering, Xidian University, Xian 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy Sciences, Beijing 100043)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-10-05 Published:2008-10-05

摘要: Fuzzing是一种自动化的漏洞挖掘技术。该文在分析OBEX 协议的基础上,利用Fuzzing技术,设计并实现了蓝牙OBEX协议的Fuzzer工具——OBEX-Fuzzer,并且利用该工具对OBEX协议在Nokia N73和SMH-BT555蓝牙适配器上的实现进行了漏洞测试,发现存在多个安全漏洞,实践结果表明了研究思路的正确性以及利用OBEX-Fuzzer工具进行安全漏洞测试的高效性。

关键词: 漏洞挖掘, 对象交换协议, Fuzzing技术, 智能手机

Abstract: Fuzzing is an automatic vulnerability discovery technique. Based on the analysis of OBEX protocol, this paper designs and implements a bluetooth OBEX protocol Fuzzing tool, OBEX-Fuzzer. Two implementations of OBEX protocol in Nokia N73 and SMH-BT555 bluetooth adaptor have been tested by the tool. In result, several vulnerabilities have been found in them, which indicates that the research route is correct and the OBEX-Fuzzer tool is effective.

Key words: vulnerability discovery, Object Exchange Protocol(OBEX), Fuzzing technology, smartphone

中图分类号: