(Wireless) Communication Security

In this project, we investigate systematic and automated security testing, exploitation and debugging of (Wireless) Communication Protocols. Our work in this area has uncovered critical security vulnerabilities such as SweynTooth and BrakTooth, among others. Additionally, our security testing tool has been translated by Keysight Technologies into Keysight IoT Security Assesssment Software. Our research in this topic was featured in WIRED (1), WIRED (2), PCMag Magazine, Hacker News, HACKADAY, MalwareBytes, Register, Bleeping Computer, Threatpost, The Record (by Recorded Future), Heise Online, and many news articles and podcasts (Podcast 1, Podcast 2) worldwide.

Representative Publications:

SNI5GECT: A Practical Approach to Inject aNRchy into 5G NR
Shijie Luo, Matheus E. Garbelini, Sudipta Chattopadhyay, and Jianying Zhou
34th USENIX Security Symposium, 2025

5GHOUL: Unleashing Chaos on 5G Edge Devices via Stateful Multi-layer Fuzzing
Matheus E. Garbelini, Zewen Shang, Shijie Luo, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
IEEE Transactions on Dependable and Secure Computing (TDSC), 2025

U-Fuzz: Stateful Fuzzing of IoT Protocols on COTS Devices
Zewen Shang, Matheus E. Garbelini, and Sudipta Chattopadhyay
17th IEEE International Conference on Software Testing, Verification and Validation (ICST), 2024

VaktBLE: A Benevolent Man-in-the-middle Bridge to Guard against Malevolent BLE Connections
Geovani Benita, Leonardo Sestrem, Matheus E. Garbelini, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
40th Annual Computer Security Applications Conference (ACSAC), 2024

Greyhound: Directed Greybox Wi-Fi Fuzzing
Matheus E. Garbelini, Chundong Wang, and Sudipta Chattopadhyay
IEEE Transactions on Dependable and Secure Computing (TDSC), 2020

BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing
Matheus E. Garbelini, Vaibhav Bedi, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
USENIX Security Symposium, 2022

SweynTooth: Unleashing Mayhem over Bluetooth Low Energy
Matheus E. Garbelini, Chundong Wang, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan
USENIX Annual Technical Conference (USENIX ATC), 2020

Acknowledgement: We are grateful to Keysight Technologies, National Research Foundation and Ministry of Education for generously supporting this project.