2021
DOI: 10.48550/arxiv.2105.05445
Preprint

Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference

Abstract: The proliferation of Internet of Things (IoT) devices has made people's lives more convenient, but it has also raised many security concerns. Due to the difficulty of obtaining and emulating IoT firmware, in the absence of internal execution information, black-box fuzzing of IoT devices has become a viable option. However, existing black-box fuzzers cannot form effective mutation optimization mechanisms to guide their testing processes, mainly due to the lack of feedback. In addition, because of the prevalent u…

citations
Cited by 3 publications
(3 citation statements)
references
References 25 publications
“…Snipuzz (Feng et al 2021), also aims to fuzz test IoT devices with accompanying mobile applications. Unlike IoTFuzzer and DIANE, it additionally analyzes responses from the target device to enable feedback-driven fuzzing.…”
Section: Hardware-based Embedded Fuzzing
Citation type: mentioning
confidence: 99%
“…The kernel also dispatches exception signals such as SIGSEGV to the corresponding process when the process crashes. fuzzing (Feng et al 2021; Chen et al 2018;. The main fuzzing function is implemented in the packet sender, which can send a mutating request to the target process (yellow arrow in Fig.…”
Section: Observation and Motivation
Citation type: mentioning
confidence: 99%
“…The shortcomings of black-box fuzzing have been discussed for a long time. Therefore, Snipuzz (Feng et al 2021) proposes a way to infer the running traces by analyzing the response contents to overcome these limitations. Its effectiveness depends on the quality of message snippets which is contingent on how much information could be obtained from devices' responses.…”
Section: Fuzzing Embedded Devices
Citation type: mentioning
confidence: 99%