Introduction
I noticed that the network subsystem was already being fuzzed extensively by syzkaller, but that subsystems like Bluetooth were less well covered. In general, research on the Bluetooth host attack surface seemed to be quite limited – with most public vulnerabilities in Bluetooth only affecting the firmware or the specification itself, and only allowing attackers to eavesdrop and/or manipulate information.
But what if attackers could take full control over devices? The most prominent examples that demonstrated this scenario were BlueBorne and BlueFrag. I set myself the goal to research the Linux Bluetooth stack, to extend upon BlueBorne’s findings, and to extend syzkaller with the capability to fuzz the
'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.