River Loop had the privilege of presenting our latest efforts in wireless fuzzing, including the TumbleRF software framework and the Orthrus offensive radio interface, at DEF CON 26 in Las Vegas, NV. This research highlights the importance of securing oft-overlooked system components, such as non-IP network interfaces and hardware buses. 2014’s Isotope 802.15.4 bugs highlighted an interesting class of vulnerability existing at the PHY layer, so we wrote some tools to make uncovering bugs like those more systematic.
River Loop was thrilled to present its TumbleRF fuzzing framework at Black Hat Arsenal, a forum dedicated to open source security research and software at Black Hat USA. TumbleRF is an open source Python framework that enables researchers to fuzz arbitrary RF technologies down to the PHY. As River Loop’s 2014 Isotope research demonstrated, PHY-layer bugs can have serious implications, and often hide in plain sight. Thus, developing a tool to make finding these bugs systematic seemed like a good fit.
In this talk, we shared with the assembled group of hardware security professionals and students an introduction to IEEE 802.15.4 security and showed a few basic attacks, an intermediate attack, and then two examples of advanced techniques and research.
While fuzzing is known to be a powerful mechanism for fingerprinting and enumerating bugs within hardware and software systems, the application of this technique to wireless systems remains nontrivial due to fragmented and siloed tools. In this talk, we covered wireless fuzzing fundamentals and introduce a new tool to unify the approach across protocols, radios, and drivers and released a new open-source tool to assist.