The Fuzzing Awakens: File Format-Aware Mutational Fuzzing on Smartphone Media Server Daemons

Abstract : Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effective in such format-strict environments as media services. Thus, we study file format-aware fuzzing as a technical blend for finding new vulnerabilities. We present our black-box mutational fuzzing on the latest smartphone systems, Android and iOS, respectively, with manipulation of the MPEG-4 Part 14 file format and show results that affect a wide range of related systems. In our approach, we automate a seed file selection process to crawl a crowd-sourcing public website and validate arbitrary m4a/mp4 audio files according to the FOURCC atom list we gained through white-box analysis in Android. We acquired eight seed files covering all effective atoms in 2,600 s. We then performed size field mutation in a little amount and generated 1,102 test cases common to both systems. During six CPU hours of fuzzing, we identified three crash atoms in iOS 9.3.5 and 15 in Android 6.0.1, respectively. Due to format-awareness, we were able to easily locate crash points through a mutation table. It was discovered that the new crash atoms found in iOS allowed remote attackers to execute arbitrary code or cause a denial of service by memory corruption in iOS and also OS X, tvOS and watchOS.
Type de document :
Communication dans un congrès
Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.219-232, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_15〉
Liste complète des métadonnées

Littérature citée [37 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01649011
Contributeur : Hal Ifip <>
Soumis le : lundi 27 novembre 2017 - 10:32:01
Dernière modification le : lundi 27 novembre 2017 - 10:34:04

Fichier

 Accès restreint
Fichier visible le : 2020-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Minsik Shin, Jungbeen Yu, Youngjin Yoon, Taekyoung Kwon. The Fuzzing Awakens: File Format-Aware Mutational Fuzzing on Smartphone Media Server Daemons. Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.219-232, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_15〉. 〈hal-01649011〉

Partager

Métriques

Consultations de la notice

34