Owfuzz: Discovering Wi-Fi Flaws in Modern Devices through Over-The-Air Fuzzing

Fuzzing is a practical approach to discovering flaws in the design and implementation of Wi-Fi protocols. However, existing Wi-Fi fuzzers are either vendor- or ecosystem-specific. Besides, they only cover a subset of 802.11 protocols and frame types. The growing complexity of Wi-Fi protocols, which have evolved to Wi-Fi6 and WPA3 already, calls for a free and comprehensive fuzzing tool for modern Wi-Fi devices. In this paper, we present such a fuzzing tool named Owfuzz. Unlike previous works using mostly firmware emulation fuzzing or driver fuzzing, Owfuzz takes the over-the-air fuzzing approach. It can perform fuzzing tests on arbitrary Wi-Fi devices from any vendor and can fuzz all three types of Wi-Fi frames (management, control, and data) defined in all versions of the 802.11 standards. It can be easily extended to support interactive testing of various protocol models. With Owfuzz, we have tested the products of mainstream Wi-Fi chip and device vendors, leading to the discovery of 23 flaws. We have reported most of these flaws to the related vendors with 8 CVE IDs assigned. Moreover, we have open-sourced Owfuzz to the community to facilitate future research.