
State Manipulation: Uncovering New Attack Vectors in Bluetooth Vulnerability Discovery via Protocol State Machine Reconfiguration.pdf

Uploaded by: 竿*** Document ID: 981828 2025-11-29 37 pages 8.43 MB

#BHAS BlackHatEvents
Lidong Li & Kun Dong & Xiao Wang, SourceGuard

About Us
- Lidong Li: Source Guard Chief Security Officer. Specializes in protocol vulnerability mining and Fuzzing framework development. He is the core developer of the Wisdom & Swift Fuzzer. HITB/POC/ISC speaker.
- Kun Dong: Source Guard CEO. Ph.D. in Cybersecurity from Xidian University, specializing in chip security research and AI adversarial security research.
- Xiao Wang: Source Guard Senior Security Researcher. His expertise lies in vulnerability discovery within the realm of wireless protocols, including Bluetooth and Wi-Fi security.

Agenda
- Bluetooth protocol stack & state machine analysis
- The bottleneck of traditional TLV-format Fuzzing
- Disrupting the state machine to discover new Bluetooth vulnerabilities

Bluetooth protocol stack & state machine analysis

The bottleneck of traditional TLV-format Fuzzing
- Random targeting of TLVs without purpose
- Drivers' inspection and validation of malformed packets
- Non-purposeful (non-targeted) interaction packets
- Incomplete state machine coverage
Known Bluetooth CVEs cited here: CVE-2017-0781, CVE-2020-12351, CVE-2023-45866

Disrupting the state machine to discover new Bluetooth vulnerabilities
Factors that affect state machine interactions? 1. 2.
1. L2CAP Connect Request
2. L2CAP Connect Response
3. L2CAP Channel Configuration
4. Data Transfer & Disconnect
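The four L2CAP steps above are the sequence a state-machine fuzzer manipulates. The Python below is an added example, not code from the talk or from Source Guard's Wisdom & Swift fuzzer: it contrasts a single-packet TLV mutation (which never leaves the configuration step) with sequence-level mutations (truncate, drop, repeat, reorder) and checks each variant against a small reference model of the initiator's channel state to report which transition it forces out of order. Frame layouts follow the L2CAP signalling format in the Bluetooth Core Specification (Vol 3, Part A); the PSM, CID and MTU values, the step names and the simplifying assumption that the peer's Connect Response and Configure Response succeed are all constructed for the demo.

```python
import struct
from itertools import permutations

# L2CAP signalling command codes (Bluetooth Core Spec, Vol 3, Part A).
CONN_REQ, CONF_REQ, DISC_REQ = 0x02, 0x04, 0x06
SIGNALLING_CID = 0x0001   # BR/EDR signalling channel
OPT_MTU = 0x01            # Configure Request option type: MTU


def signal(code, ident, data):
    """Signalling command (code, identifier, LE length, data) inside a basic L2CAP frame."""
    cmd = struct.pack("<BBH", code, ident, len(data)) + data
    return struct.pack("<HH", len(cmd), SIGNALLING_CID) + cmd


def tlv(opt_type, value):
    """One configuration option in type / length / value form."""
    return struct.pack("<BB", opt_type, len(value)) + value


def canonical(psm=0x0011, scid=0x0040, dcid=0x0041, mtu=672):
    """The initiator's legitimate outbound sequence (constructed demo values).
    The target's Connect/Configure Responses are not modelled as frames; the
    model below assumes they succeed and only tracks the initiator's state."""
    return [
        ("CONN_REQ", signal(CONN_REQ, 1, struct.pack("<HH", psm, scid))),
        ("CONF_REQ", signal(CONF_REQ, 2, struct.pack("<HH", dcid, 0)
                                        + tlv(OPT_MTU, struct.pack("<H", mtu)))),
        ("DATA", struct.pack("<HH", 4, dcid) + b"\x00" * 4),   # B-frame on the data channel
        ("DISC_REQ", signal(DISC_REQ, 3, struct.pack("<HH", dcid, scid))),
    ]


def mutate_tlv(frame, new_len=0xFF):
    """Traditional TLV fuzzing: corrupt the length of the first option in a
    Configure Request (offset 12 = basic header 4 + signalling header 4 +
    DCID/flags 4, so offset 13 is the option length) and leave the order untouched."""
    out = bytearray(frame)
    out[13] = new_len
    return bytes(out)


class InitiatorModel:
    """Reference state machine: which outbound step is legal in which state.
    Assumes the peer accepts both the connection and the configuration."""
    LEGAL = {"CLOSED": {"CONN_REQ"}, "CONFIG": {"CONF_REQ", "DISC_REQ"},
             "OPEN": {"DATA", "DISC_REQ"}, "WAIT_DISC": set()}
    AFTER = {"CONN_REQ": "CONFIG", "CONF_REQ": "OPEN", "DATA": "OPEN", "DISC_REQ": "WAIT_DISC"}

    def violations(self, steps):
        """(index, state, step) for every step sent in a state where it is not legal.
        An illegal step does not advance the state, as a stack that rejects it would not."""
        state, bad = "CLOSED", []
        for i, (name, _frame) in enumerate(steps):
            if name in self.LEGAL[state]:
                state = self.AFTER[name]
            else:
                bad.append((i, state, name))
        return bad


def disrupt(steps):
    """Sequence-level mutations: truncate, drop, repeat, reorder."""
    n = len(steps)
    for k in range(1, n):
        yield f"truncate@{k}", steps[:k]
    for k in range(n):
        yield f"drop@{k}", steps[:k] + steps[k + 1:]
        yield f"repeat@{k}", steps[:k + 1] + [steps[k]] + steps[k + 1:]
    for perm in permutations(range(n)):
        if perm != tuple(range(n)):
            yield "order:" + "".join(map(str, perm)), [steps[i] for i in perm]


def coverage(steps, model=None):
    """Label -> first out-of-state step each variant forces (None if still legal)."""
    model = model or InitiatorModel()
    result = {}
    for label, variant in disrupt(steps):
        bad = model.violations(variant)
        result[label] = bad[0] if bad else None
    return result


if __name__ == "__main__":
    for label, hit in coverage(canonical()).items():
        print(f"{label:14} -> {hit}")
```

Run stand-alone, the script lists every variant and the first transition it violates (for instance a Configure Request sent in CLOSED, or a second Connect Request sent while already configuring); those are the receiver-side code paths a TLV mutator of a single Configure Request never reaches. Delivering the frames to a real target needs a raw HCI or L2CAP socket, which is out of scope here.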

Summary of the report's content:
- Lidong Li, Chief Security Officer at Source Guard, focuses on protocol vulnerability mining and fuzzing framework development.
- Kun Dong, CEO of Source Guard, holds a Ph.D. in Cybersecurity from Xidian University and specializes in chip security and AI adversarial security research.
- Xiao Wang, Senior Security Researcher, specializes in vulnerability discovery in wireless protocols such as Bluetooth and Wi-Fi.
Key points:
1. Bottlenecks of traditional TLV-format fuzzing: random, purposeless targeting of TLVs, non-targeted interaction packets, and incomplete state machine coverage.
2. Known Bluetooth CVEs cited in that discussion: CVE-2017-0781, CVE-2020-12351 and CVE-2023-45866; the talk's own approach is to disrupt the protocol state machine to discover new Bluetooth vulnerabilities.
3. Factors that affect state machine interactions: L2CAP connect request, connect response, channel configuration, data transfer and disconnect.
4. State machine disruption methods such as state truncation, configuration request and configuration response manipulation.
5. The role of Class of Device (CoD) in the state machine, including state stripping and recombination.
6. A recommendation to test more protocols.