摘要： Fuzzing是一种自动化的漏洞挖掘技术。该文在分析OBEX 协议的基础上，利用Fuzzing技术，设计并实现了蓝牙OBEX协议的Fuzzer工具——OBEX-Fuzzer，并且利用该工具对OBEX协议在Nokia N73和SMH-BT555蓝牙适配器上的实现进行了漏洞测试，发现存在多个安全漏洞，实践结果表明了研究思路的正确性以及利用OBEX-Fuzzer工具进行安全漏洞测试的高效性。

关键词: 漏洞挖掘, 对象交换协议, Fuzzing技术, 智能手机

Abstract: Fuzzing is an automatic vulnerability discovery technique. Based on the analysis of OBEX protocol, this paper designs and implements a bluetooth OBEX protocol Fuzzing tool, OBEX-Fuzzer. Two implementations of OBEX protocol in Nokia N73 and SMH-BT555 bluetooth adaptor have been tested by the tool. In result, several vulnerabilities have been found in them, which indicates that the research route is correct and the OBEX-Fuzzer tool is effective.

Key words: vulnerability discovery, Object Exchange Protocol(OBEX), Fuzzing technology, smartphone

中图分类号: 

• TP309