Abstract

Fuzzing has been demonstrated to be a highly effective way to identify bugs and security vulnerabilities, and its use for finding Android security vulnerabilities has been studied extensively. Generally, these fuzzing methods have focused on covering as many paths as possible and on supplying enough variety of inputs for a single exposed attack surface.
In this presentation, we will introduce a novel fuzzing method targeting Android. Although it builds on traditional fuzzing methods, its innovation is that it finds vulnerabilities by turning quantitative change into qualitative change: it exploits combinations of function points to find vulnerabilities. To a certain extent, our fuzzing method borrows the ideology of model checking, generating combinations to drive the exploration of the state space in a comprehensive way.
To demonstrate the effectiveness of our method, we apply it to OEM devices such as Samsung, Huawei and Smartisan OS. We have identified 200+ bugs and vulnerabilities in total, including many severe ones. During the presentation, we will select typical ones to demonstrate, aiming to inspire the community with vulnerabilities that have not yet been identified or shown by other methods.