ThreadFuzzer: Fuzzing Framework for Thread Protocol

Computer Science > Cryptography and Security [Submitted on 21 Nov 2025 (v1), last revised 24 Apr 2026 (this version, v2)] ThreadFuzzer: Fuzzing Framework for Thread Protocol Ilja Siroš, Jakob Heirwegh, Dave Singelée, Bart Preneel With the rapid growth of IoT, secure and efficient mesh networking has become essential. Thread has emerged as a key protocol, widely used in smart-home and commercial systems, and serving as a core transport layer in the Matter standard. This paper presents ThreadFuzzer, the first dedicated fuzzing framework for systematically testing Thread protocol implementations. By manipulating packets at the MLE layer, ThreadFuzzer enables fuzzing of both virtual OpenThread nodes and physical Thread devices. The framework incorporates multiple fuzzing strategies, including Random and Coverage-based fuzzers from CovFuzz, as well as a newly introduced TLV Inserter, designed specifically for TLV-structured MLE messages. These strategies are evaluated on the OpenThread stack using code-coverage and vulnerability-discovery metrics. The evaluation uncovered five previously unknown vulnerabilities in the OpenThread stack, several of which were successfully reproduced on commercial devices that rely on OpenThread. Moreover, ThreadFuzzer was benchmarked against an oracle AFL++ setup using the manually extended OSS-Fuzz harness from OpenThread, demonstrating strong effectiveness. These results demonstrate the practical utility of ThreadFuzzer while highlighting challenges and future directions in the wireless protocol fuzzing research space. Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2511.17283 [cs.CR]   (or arXiv:2511.17283v2 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2511.17283 Focus to learn more Submission history From: Ilja Siroš [view email] [v1] Fri, 21 Nov 2025 14:42:50 UTC (3,437 KB) [v2] Fri, 24 Apr 2026 15:01:42 UTC (3,415 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2025-11 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)