Toward Hybrid Static-Dynamic Detection of Vulnerabilities in IoT Firmware

Daojing He, Hongjie Gu, Tinghui Li, Yongliang Du, Xiaolei Wang, Sencun Zhu, Nadra Guizani

Research output: Contribution to journalArticlepeer-review

Abstract

IoT devices are becoming increasingly ubiquitous because they have greatly simplified many aspects of our daily life and our work. However, most firmware in these embedded devices carry various security vulnerabilities, such as hard-coded passwords, cryptographic keys, insecure configurations and backdoors. Recent large-scale attacks have demonstrated that the security vulnerabilities in IoT firmware have posed a severe threat to the Internet infrastructure. In this work, we design a hybrid platform to detect vulnerabilities in IoT firmware, which integrates both offline static detection and online dynamic detection. Our evaluation on real IoT devices shows that the proposed platform can effectively identify various security weaknesses and risks in firmware, such as dangerous processes, exploitable vulnerabilities, and other attack surfaces.

Original languageEnglish (US)
JournalIEEE Network
DOIs
StateAccepted/In press - 2020

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Toward Hybrid Static-Dynamic Detection of Vulnerabilities in IoT Firmware'. Together they form a unique fingerprint.

Cite this