GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing
Near-field communication (NFC) is a set of communication protocols that enable two electronic devices. Its security and reliability are welcomed by mobile terminal manufactures, banks, telecom operators, and third-party payment platforms. Simultaneously, it has also drawn more and more attention fro...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-Wiley
2021-01-01
|
Series: | Security and Communication Networks |
Online Access: | http://dx.doi.org/10.1155/2021/9946022 |
id |
doaj-ab2bdd4301df409099c0ca6cea2e38ac |
---|---|
record_format |
Article |
spelling |
doaj-ab2bdd4301df409099c0ca6cea2e38ac2021-07-12T02:12:42ZengHindawi-WileySecurity and Communication Networks1939-01222021-01-01202110.1155/2021/9946022GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on FuzzingZhiqiang Wang0Yuheng Lin1Zihan Zhuo2Jieming Gu3Tao Yang4Beijing Electronic Science and Technology InstituteBeijing Electronic Science and Technology InstituteNational Internet Emergency CenterNational Internet Emergency CenterKey Lab of Information Network SecurityNear-field communication (NFC) is a set of communication protocols that enable two electronic devices. Its security and reliability are welcomed by mobile terminal manufactures, banks, telecom operators, and third-party payment platforms. Simultaneously, it has also drawn more and more attention from hackers and attackers, and NFC-enabled devices are facing increasing threats. To improve the security of the NFC technology, the paper studied the technology of discovering security vulnerabilities of NFC Data Exchange Format (NDEF), the most important data transmission protocol. In the paper, we proposed an algorithm, GTCT (General Test Case Construction and Test), based on fuzzing to construct test cases and test the NDEF protocol. GTCT adopts four strategies to construct test cases, manual, generation, mutation, and “reverse analysis,” which can detect logic vulnerabilities that fuzzing cannot find and improve the detection rate. Based on GTCT, we designed an NDEF vulnerability discovering framework and developed a tool named “GNFCVulFinder” (General NFC Vulnerability Finder). By testing 33 NFC system services and applications on Android and Windows Phones, we found eight vulnerabilities, including DoS vulnerabilities of NFC service, logic vulnerabilities about opening Bluetooth/Wi-Fi/torch, design flaws about the black screen, and DoS of NFC applications. Finally, we give some security suggestions for the developer to enhance the security of NFC.http://dx.doi.org/10.1155/2021/9946022 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Zhiqiang Wang Yuheng Lin Zihan Zhuo Jieming Gu Tao Yang |
spellingShingle |
Zhiqiang Wang Yuheng Lin Zihan Zhuo Jieming Gu Tao Yang GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing Security and Communication Networks |
author_facet |
Zhiqiang Wang Yuheng Lin Zihan Zhuo Jieming Gu Tao Yang |
author_sort |
Zhiqiang Wang |
title |
GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing |
title_short |
GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing |
title_full |
GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing |
title_fullStr |
GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing |
title_full_unstemmed |
GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing |
title_sort |
gnfcvulfinder: ndef vulnerability discovering for nfc-enabled smart mobile devices based on fuzzing |
publisher |
Hindawi-Wiley |
series |
Security and Communication Networks |
issn |
1939-0122 |
publishDate |
2021-01-01 |
description |
Near-field communication (NFC) is a set of communication protocols that enable two electronic devices. Its security and reliability are welcomed by mobile terminal manufactures, banks, telecom operators, and third-party payment platforms. Simultaneously, it has also drawn more and more attention from hackers and attackers, and NFC-enabled devices are facing increasing threats. To improve the security of the NFC technology, the paper studied the technology of discovering security vulnerabilities of NFC Data Exchange Format (NDEF), the most important data transmission protocol. In the paper, we proposed an algorithm, GTCT (General Test Case Construction and Test), based on fuzzing to construct test cases and test the NDEF protocol. GTCT adopts four strategies to construct test cases, manual, generation, mutation, and “reverse analysis,” which can detect logic vulnerabilities that fuzzing cannot find and improve the detection rate. Based on GTCT, we designed an NDEF vulnerability discovering framework and developed a tool named “GNFCVulFinder” (General NFC Vulnerability Finder). By testing 33 NFC system services and applications on Android and Windows Phones, we found eight vulnerabilities, including DoS vulnerabilities of NFC service, logic vulnerabilities about opening Bluetooth/Wi-Fi/torch, design flaws about the black screen, and DoS of NFC applications. Finally, we give some security suggestions for the developer to enhance the security of NFC. |
url |
http://dx.doi.org/10.1155/2021/9946022 |
work_keys_str_mv |
AT zhiqiangwang gnfcvulfinderndefvulnerabilitydiscoveringfornfcenabledsmartmobiledevicesbasedonfuzzing AT yuhenglin gnfcvulfinderndefvulnerabilitydiscoveringfornfcenabledsmartmobiledevicesbasedonfuzzing AT zihanzhuo gnfcvulfinderndefvulnerabilitydiscoveringfornfcenabledsmartmobiledevicesbasedonfuzzing AT jieminggu gnfcvulfinderndefvulnerabilitydiscoveringfornfcenabledsmartmobiledevicesbasedonfuzzing AT taoyang gnfcvulfinderndefvulnerabilitydiscoveringfornfcenabledsmartmobiledevicesbasedonfuzzing |
_version_ |
1721308041255583744 |