摘要: Fuzzing是一种自动化的漏洞挖掘技术。该文在分析OBEX 协议的基础上,利用Fuzzing技术,设计并实现了蓝牙OBEX协议的Fuzzer工具——OBEX-Fuzzer,并且利用该工具对OBEX协议在Nokia N73和SMH-BT555蓝牙适配器上的实现进行了漏洞测试,发现存在多个安全漏洞,实践结果表明了研究思路的正确性以及利用OBEX-Fuzzer工具进行安全漏洞测试的高效性。
关键词:
漏洞挖掘,
对象交换协议,
Fuzzing技术,
智能手机
Abstract: Fuzzing is an automatic vulnerability discovery technique. Based on the analysis of OBEX protocol, this paper designs and implements a bluetooth OBEX protocol Fuzzing tool, OBEX-Fuzzer. Two implementations of OBEX protocol in Nokia N73 and SMH-BT555 bluetooth adaptor have been tested by the tool. In result, several vulnerabilities have been found in them, which indicates that the research route is correct and the OBEX-Fuzzer tool is effective.
Key words:
vulnerability discovery,
Object Exchange Protocol(OBEX),
Fuzzing technology,
smartphone
中图分类号:
成厚富;张玉清. 基于Fuzzing的蓝牙OBEX漏洞挖掘技术[J]. 计算机工程, 2008, 34(19): 151-153,.
CHENG Hou-fu; ZHANG Yu-qing. Bluetooth OBEX Vulnerability Discovery Technique Based on Fuzzing[J]. Computer Engineering, 2008, 34(19): 151-153,.