Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing
Date: 2023-03
Authors:
Ren, Mengfei
Ren, Xiaolei
Feng, Huadong
Ming, Jiang
Lei, Yu
Abstract
Zigbee is widely adopted as a resource-efficient wireless protocol in IoT networks. IoT devices have recently been affected by major vulnerabilities in Zigbee protocol implementations, so security testing of these implementations is becoming increasingly important. However, applying existing vulnerability detection techniques such as fuzzing to the Zigbee protocol is not a simple task: handling low-level hardware events remains a major challenge, and because Zigbee communicates over a radio channel, many existing protocol fuzzing tools lack a suitable execution environment for it.
To narrow this gap, we designed Z-Fuzzer, a device-agnostic fuzzing tool for detecting security flaws in Zigbee protocol implementations. To simulate Zigbee protocol execution, Z-Fuzzer leverages a commercial embedded device simulator with pre-defined peripherals and hardware interrupt setups that interact with the fuzzing engine. Z-Fuzzer generates more high-quality test cases by using code-coverage heuristics. We compare Z-Fuzzer with the advanced protocol fuzzing tools BooFuzz and Peach fuzzer on top of Z-Fuzzer's simulation platform. Our findings suggest that Z-Fuzzer achieves greater code coverage in Z-Stack, a widely used Zigbee protocol implementation. Compared to BooFuzz and Peach, Z-Fuzzer found more vulnerabilities with fewer test cases. Three of them have been assigned CVE IDs with high CVSS scores (7.5 to 8.2).