USB software security tool catches 26 bugs across operating systems

(Immagine: Pixabay CC0) - EPFL researchers have developed a new tool called USBFuzz, which they have already used to detect 26 vulnerabilities in the USB driver stacks of widely used operating systems including Linux, Windows, and macOS. USB driver stacks are components that help computers communicate with external devices via the Universal Serial Bus (USB) connection. USB connections - used with devices like external hard drives, keyboards, mice, or cameras - can open up computers to attack if their operating systems contain vulnerabilities. To help detect such vulnerabilities, EPFL researchers developed a software security tool called a fuzzer, which allows them to test a computer's ability to thwart an attack by emulating a USB device. The tool, called USBFuzz, delivers bits of random data to a target computer before autonomously observing how well the computer's software handles the unexpected inputs. The work was carried out by Mathias Payer, head of the HexHive lab in the School of Computer and Communication Sciences (IC), and HexHive researcher Hui Peng, currently a PhD student at Purdue University. "Fuzzing is an established approach to test software systems.