The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons

Min Sik Shin; Jung Been Yu; Young Jin Yoon; Taekyoung Kwon

doi:10.1007/978-3-319-58469-0_15

The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons

Min Sik Shin, Jung Been Yu, Young Jin Yoon, Taekyoung Kwon

Graduate School of Information

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effective in such format-strict environments as media services. Thus, we study file format-aware fuzzing as a technical blend for finding new vulnerabilities. We present our black-box mutational fuzzing on the latest smartphone systems, Android and iOS, respectively, with manipulation of the MPEG-4 Part 14 file format and show results that affect a wide range of related systems. In our approach, we automate a seed file selection process to crawl a crowd-sourcing public website and validate arbitrary m4a/mp4 audio files according to the FOURCC atom list we gained through white-box analysis in Android. We acquired eight seed files covering all effective atoms in 2,600 s. We then performed size field mutation in a little amount and generated 1,102 test cases common to both systems. During six CPU hours of fuzzing, we identified three crash atoms in iOS 9.3.5 and 15 in Android 6.0.1, respectively. Due to formatawareness, we were able to easily locate crash points through a mutation table. It was discovered that the new crash atoms found in iOS allowed remote attackers to execute arbitrary code or cause a denial of service by memory corruption in iOS and also OS X, tvOS and watchOS.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings
Editors	Sabrina De Capitani di Vimercati, Fabio Martinelli
Publisher	Springer New York LLC
Pages	219-232
Number of pages	14
ISBN (Print)	9783319584683
DOIs	https://doi.org/10.1007/978-3-319-58469-0_15
Publication status	Published - 2017
Event	32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 - Rome, Italy Duration: 2017 May 29 → 2017 May 31

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	502
ISSN (Print)	1868-4238

Other

Other	32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017
Country/Territory	Italy
City	Rome
Period	17/5/29 → 17/5/31

Bibliographical note

Funding Information:
This work was supported by the National Research Foundation of Korea (NRF-2015-R1A2A2A01004792).

Publisher Copyright:
© IFIP International Federation for Information Processing 2017.

All Science Journal Classification (ASJC) codes

Information Systems
Computer Networks and Communications
Information Systems and Management

Access to Document

10.1007/978-3-319-58469-0_15

Cite this

Shin, M. S., Yu, J. B., Yoon, Y. J., & Kwon, T. (2017). The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons. In S. De Capitani di Vimercati, & F. Martinelli (Eds.), ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings (pp. 219-232). (IFIP Advances in Information and Communication Technology; Vol. 502). Springer New York LLC. https://doi.org/10.1007/978-3-319-58469-0_15

Shin, Min Sik ; Yu, Jung Been ; Yoon, Young Jin et al. / The fuzzing awakens : File format-aware mutational fuzzing on smartphone media server daemons. ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings. editor / Sabrina De Capitani di Vimercati ; Fabio Martinelli. Springer New York LLC, 2017. pp. 219-232 (IFIP Advances in Information and Communication Technology).

@inproceedings{3f764d9458864aee81a4d56e5a7c3e91,

title = "The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons",

abstract = "Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effective in such format-strict environments as media services. Thus, we study file format-aware fuzzing as a technical blend for finding new vulnerabilities. We present our black-box mutational fuzzing on the latest smartphone systems, Android and iOS, respectively, with manipulation of the MPEG-4 Part 14 file format and show results that affect a wide range of related systems. In our approach, we automate a seed file selection process to crawl a crowd-sourcing public website and validate arbitrary m4a/mp4 audio files according to the FOURCC atom list we gained through white-box analysis in Android. We acquired eight seed files covering all effective atoms in 2,600 s. We then performed size field mutation in a little amount and generated 1,102 test cases common to both systems. During six CPU hours of fuzzing, we identified three crash atoms in iOS 9.3.5 and 15 in Android 6.0.1, respectively. Due to formatawareness, we were able to easily locate crash points through a mutation table. It was discovered that the new crash atoms found in iOS allowed remote attackers to execute arbitrary code or cause a denial of service by memory corruption in iOS and also OS X, tvOS and watchOS.",

author = "Shin, {Min Sik} and Yu, {Jung Been} and Yoon, {Young Jin} and Taekyoung Kwon",

note = "Funding Information: This work was supported by the National Research Foundation of Korea (NRF-2015-R1A2A2A01004792). Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2017.; 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 ; Conference date: 29-05-2017 Through 31-05-2017",

year = "2017",

doi = "10.1007/978-3-319-58469-0_15",

language = "English",

isbn = "9783319584683",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "219--232",

editor = "{De Capitani di Vimercati}, Sabrina and Fabio Martinelli",

booktitle = "ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings",

}

Shin, MS, Yu, JB, Yoon, YJ & Kwon, T 2017, The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons. in S De Capitani di Vimercati & F Martinelli (eds), ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings. IFIP Advances in Information and Communication Technology, vol. 502, Springer New York LLC, pp. 219-232, 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017, Rome, Italy, 17/5/29. https://doi.org/10.1007/978-3-319-58469-0_15

The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons. / Shin, Min Sik; Yu, Jung Been; Yoon, Young Jin et al.
ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings. ed. / Sabrina De Capitani di Vimercati; Fabio Martinelli. Springer New York LLC, 2017. p. 219-232 (IFIP Advances in Information and Communication Technology; Vol. 502).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - The fuzzing awakens

T2 - 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017

AU - Shin, Min Sik

AU - Yu, Jung Been

AU - Yoon, Young Jin

AU - Kwon, Taekyoung

N1 - Funding Information: This work was supported by the National Research Foundation of Korea (NRF-2015-R1A2A2A01004792). Publisher Copyright: © IFIP International Federation for Information Processing 2017.

PY - 2017

Y1 - 2017

N2 - Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effective in such format-strict environments as media services. Thus, we study file format-aware fuzzing as a technical blend for finding new vulnerabilities. We present our black-box mutational fuzzing on the latest smartphone systems, Android and iOS, respectively, with manipulation of the MPEG-4 Part 14 file format and show results that affect a wide range of related systems. In our approach, we automate a seed file selection process to crawl a crowd-sourcing public website and validate arbitrary m4a/mp4 audio files according to the FOURCC atom list we gained through white-box analysis in Android. We acquired eight seed files covering all effective atoms in 2,600 s. We then performed size field mutation in a little amount and generated 1,102 test cases common to both systems. During six CPU hours of fuzzing, we identified three crash atoms in iOS 9.3.5 and 15 in Android 6.0.1, respectively. Due to formatawareness, we were able to easily locate crash points through a mutation table. It was discovered that the new crash atoms found in iOS allowed remote attackers to execute arbitrary code or cause a denial of service by memory corruption in iOS and also OS X, tvOS and watchOS.

AB - Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effective in such format-strict environments as media services. Thus, we study file format-aware fuzzing as a technical blend for finding new vulnerabilities. We present our black-box mutational fuzzing on the latest smartphone systems, Android and iOS, respectively, with manipulation of the MPEG-4 Part 14 file format and show results that affect a wide range of related systems. In our approach, we automate a seed file selection process to crawl a crowd-sourcing public website and validate arbitrary m4a/mp4 audio files according to the FOURCC atom list we gained through white-box analysis in Android. We acquired eight seed files covering all effective atoms in 2,600 s. We then performed size field mutation in a little amount and generated 1,102 test cases common to both systems. During six CPU hours of fuzzing, we identified three crash atoms in iOS 9.3.5 and 15 in Android 6.0.1, respectively. Due to formatawareness, we were able to easily locate crash points through a mutation table. It was discovered that the new crash atoms found in iOS allowed remote attackers to execute arbitrary code or cause a denial of service by memory corruption in iOS and also OS X, tvOS and watchOS.

UR - http://www.scopus.com/inward/record.url?scp=85019683365&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85019683365&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-58469-0_15

DO - 10.1007/978-3-319-58469-0_15

M3 - Conference contribution

AN - SCOPUS:85019683365

SN - 9783319584683

T3 - IFIP Advances in Information and Communication Technology

SP - 219

EP - 232

BT - ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings

A2 - De Capitani di Vimercati, Sabrina

A2 - Martinelli, Fabio

PB - Springer New York LLC

Y2 - 29 May 2017 through 31 May 2017

ER -

Shin MS, Yu JB, Yoon YJ, Kwon T. The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons. In De Capitani di Vimercati S, Martinelli F, editors, ICT Systems Security and Privacy Protection - 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings. Springer New York LLC. 2017. p. 219-232. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-319-58469-0_15

The fuzzing awakens: File format-aware mutational fuzzing on smartphone media server daemons

Abstract

Publication series

Other

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this