IoT devices are becoming increasingly ubiquitous because they have greatly simplified many aspects of our daily life and our work. However, most firmware in these embedded devices carry various security vulnerabilities, such as hard-coded passwords, cryptographic keys, insecure configurations and backdoors. Recent large-scale attacks have demonstrated that the security vulnerabilities in IoT firmware have posed a severe threat to the Internet infrastructure. In this work, we design a hybrid platform to detect vulnerabilities in IoT firmware, which integrates both offline static detection and online dynamic detection. Our evaluation on real IoT devices shows that the proposed platform can effectively identify various security weaknesses and risks in firmware, such as dangerous processes, exploitable vulnerabilities, and other attack surfaces.
All Science Journal Classification (ASJC) codes
- Information Systems
- Hardware and Architecture
- Computer Networks and Communications