SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation

Zhang, Hangwei; Lü, Kai; Zhou, Xu; Yin, Qidi; Wang, Pengfei; Yue, Tai

doi:10.3390/app11073120

Cited by 16 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SIoTFuzzer [19] is another third-party independent work while writing this paper. SIoTFuzzer chooses to start from the Web front-end page and complete stateful message generation through front-end source code review, state analysis, and seed generation.…”

Section: Smart Devices Fuzzingmentioning

confidence: 99%

“…Fuzzing type Hardware support Component Zero-day detection IoTFuzzer [11] Black-box Bare-metal APP-related Yes FIRM-AFL [7] Grey-box Emulation Web Yes FirmFuzz [6] Grey-box Emulation Web Yes IoTHunter [17] Grey-box Emulation Protocol Yes MultiFuzz [18] Grey-box None Protocol Yes SIoTFuzzer [19] Black-box Emulation Web No DIANE [10] Black-box Bare-metal APP-related Yes device require authentication? (ii) Is the authentication process replayable?…”

Section: Fuzzermentioning

confidence: 99%

“…In our research, we implemented a full-featured prototype of PDFuzzerGen and evaluated it in a real-world environment. To assess its effectiveness, we ran PDFuzzerGen on 19 We have reported all these vulnerabilities to CNCERT/CC [15] in pursuit of helping vendors fix them.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

Cheng

Fan

Huang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Black-box fuzzing is a testing technique to find both known and unknown vulnerabilities in software. When applying black-box fuzzing to smart devices, the main idea is to take a smart device as a black box and provide random input through a network-based interface, such as a Web interface. Due to the diversity of Web interface implementations and complex data format, a blind mutation of the message makes the message unable to pass the verification of the device component. Therefore, each Web interface needs a unique fuzzer, which precisely defines a message format of the target interface, a state maintenance method, the field positions to be mutated, and a specific input mutation method. At the time of writing, a fuzzer is completely developed by a security engineer. To save human labor, we present PDFuzzerGen, a tool to automatically synthesize complex black-box fuzzers for smart devices. PDFuzzerGen generates multiple fuzzing policies by analyzing raw messages and then synthesizes fuzzers based on policies. PDFuzzerGen requires no human intervention and can be applied to a wide range of smart devices. Furthermore, the generated fuzzers can expose bugs and flaws that rest deep in smart devices. PDFuzzerGen was evaluated to generate fuzzers for 19 different smart devices from 6 vendors. It has found 14 previously unknown vulnerabilities, 5 of which were confirmed and disclosed by the China National Vulnerability Database (CNVD) and 2 of which were confirmed and disclosed by Common Vulnerabilities and Exposures (CVE). The generated fuzzers outperform some manually crafted fuzzers on a few metrics, including the vulnerability detection rate and time cost of a newly developed fuzzer, which demonstrates the effectiveness and efficiency of PDFuzzerGen.

show abstract

Section: Smart Devices Fuzzingmentioning

confidence: 99%

Section: Fuzzermentioning

confidence: 99%

See 1 more Smart Citation

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

Cheng

Fan

Huang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…EWVHunter can automatically detect authentication bypass vulnerabilities and command injection vulnerabilities in embedded devices by using information from official firmware and logic programs that control the terminal's Web front-end. Reference [9] designed a black-box fuzzing tool named SIoTFuzzer, which can detect the vulnerabilities of IoT devices, design, and implement for automatic discovery of IoT devices' loopholes through device monitoring deployed in the system or built 2.4. Fuzzing Test Technology.…”

Section: Research On Routermentioning

confidence: 99%

RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface

Wang

Cao

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

As the main routing device of the network, most routers can be set up and managed through their web enabled admin portal. This paper proposes a new method for router admin portal vulnerability mining fuzzing test (RW-fuzzer: Router Web fuzzer). The mutation samples that generated by Boofuzz are used to construct the test sample set for fuzzy testing. The constructed mutation test cases are more suitable for the attack load or critical value of the router’s Web interface. They can cause unexpected errors for the devices more easily, which achieves the goal of discover potential vulnerabilities, and the practicality is excellent. Based on the proposed RW-fuzzer method, this work conducted fuzzing tests on 4 widely sold router models from manufacturers. Four nday vulnerabilities and one 0day vulnerability have been found. Experiment results show that the proposed RW-fuzzer method is effective.

show abstract

“…FirmFuzz [10] and EWVHunter [14] implement web crawlers to maintain authenticated state, but intramessage and inter-message dependencies are often neglected. SIoTFuzzer [16] extracts messages between page responds to gain a stateful seed while not analyzing the intramessage dependencies in these messages.…”

Section: Introductionmentioning

confidence: 99%

FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware

2021

Self Cite

View full text Add to dashboard Cite

IoT devices are exponentially increasing in all aspects of our lives. Via the web interfaces of IoT devices, attackers can control IoT devices by exploiting their vulnerabilities. In order to guarantee IoT security, testing these IoT devices to detect vulnerabilities is very important. In this work, we present FirmHunter, an automated state-aware and introspection-driven grey-box fuzzer towards Linux-based firmware images on the basis of emulation. It employs a message-state queue to overcome the dependency problem in test cases. Furthermore, it implements a scheduler collecting execution information from system introspection to drive fuzzing towards more interesting test cases, which speeds up vulnerability discovery. We evaluate FirmHunter by emulating and fuzzing eight firmware images including seven routers and one IP camera with a state-of-the-art IoT fuzzer FirmFuzz and a web application scanner ZAP. Our evaluation results show that (1) the message-state queue enables FirmHunter to parse the dependencies in test cases and find real-world vulnerabilities that other fuzzers cannot detect; (2) our scheduler accelerates the discovery of vulnerabilities by an average of 42%; and (3) FirmHunter is able to find unknown vulnerabilities.

show abstract

SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation

Cited by 16 publications

References 13 publications

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface

FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware

Contact Info

Product

Resources

About