Forget the 26 new USB bugs found in Linux and Windows, it’s the security fuzzer tool that discovered them that’s the news.

SanDisk Cruzer USB 4GB ThumbDrive

A research team from Purdue University has created a tool, USBFuzz, which fuzzes calls to the USB driver stack. Apparently the tool is pretty groundbreaking. The researchers said,

“At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations).”

The researchers tested the tool on:

  • 9 recent versions of the Linux kernel: v4.14.81, v4.15,v4.16, v4.17, v4.18.19, v4.19, v4.19.1, v4.19.2, and v4.20-rc2 (the latest version at the time of evaluation)
  • FreeBSD 12 (the latest release)
  • MacOS 10.15 Catalina (the latest release)
  • Windows (both version 8 and 10, with most recent security updates installed)

In total, they found 26 new bugs. They discovered one new bug in FreeBSD, three in MacOS (one of which froze the system), four in Windows 8 and 10 (producing BSOD), and get this, 18 in Linux. Sixteen of the Linux bugs were “memory bugs of high-security impact in various Linux subsystems”. Of the 18 Linux bugs, 11 received a CVE and have already been patched.

The team’s research results will be presented at the Usenix Security Symposium virtual security conference in August 2020. Then USBFuzz will be open-sourced and released to the public.

Start typing and press Enter to search

Shopping Cart

No products in the cart.

Signup now!

NOW

Sign up for
our newsletter
and get new exclusive product
alerts, news flashes, inside industry
information, and MORE.

Get notifications of new products, insider industry news, science and tech features, and more.