You can forgive reliability issues with the latest digital gadget, but the same doesn't apply to a light bulb. There is a long checklist to go through when creating secure and reliable communication on the home network, and one thing to note is that with more and more connected devices at home, radio signals do not stop at the walls. Even if your devices don’t typically communicate with your neighbors’ devices for home automation reasons, the radio networks overlap. This might be a security risk if an attacker finds a way to propagate code between overlapping networks, but obviously this is a challenge for reliable communication.
Many device vendors are taking devices to protocol-specific certification programs to increase interoperability. The certification testing is mostly functional testing, which provides valid inputs, and the output is compared to a correct or expected value. Functional testing verifies that everything works correctly under normal circumstances, but what if someone sends inputs that make no sense or are out of order?
Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs to a system to reveal software defects and vulnerabilities, making it complementary to functional testing. Fuzzing is a proven test method to discover security, reliability, performance, and other quality issues in the test target. When aiming to have a secure and reliable communication device, you cannot ignore the power of fuzzing.
Our Defensics team has more than 15 years of experience in fuzzing wireless networks. We have found and reported several vulnerabilities, but we’re seeing even more issues when a single, unauthenticated protocol message causes a test target to fail. After the failure, some devices restart themselves, but some need power cable removal to return to a functional state. Smart home devices might be located in places without easy access, or there might be a huge number of them. For example, we have seen smart bulbs dropping from the mesh network as a result of fuzzing, so you can imagine the effort to rebuild the network for all the lights in your house. In a worst-case scenario, the fuzz data can bypass the network protection mechanisms and inject data into the network. In such a case, a malicious attacker can easily pollute wireless networks from the street or with a drone from the air, and in the very worst case, from one network to another. The attacker can utilize vulnerabilities such as information leakage found by fuzzing a wireless protocol to get access from a smart device to the home network and then provide backdoor access from the internet.