Abstract
IoT devices are becoming increasingly ubiquitous because they have greatly simplified many aspects of our daily life and our work. However, most firmware in these embedded devices carry various security vulnerabilities, such as hard-cod-ed passwords, cryptographic keys, insecure configurations and backdoors. Recent large-scale attacks have demonstrated that the security vulnerabilities in IoT firmware have posed a severe threat to the Internet infrastructure. In this work, we design a hybrid platform to detect vulnerabilities in IoT firmware, which integrates both offline static detection and online dynamic detection. Our evaluation on real IoT devices shows that the proposed platform can effectively identify various security weaknesses and risks in firmware, such as dangerous processes, exploitable vulnerabilities, and other attack surfaces.
Original language | English (US) |
---|---|
Article number | 9246617 |
Pages (from-to) | 202-207 |
Number of pages | 6 |
Journal | IEEE Network |
Volume | 35 |
Issue number | 2 |
DOIs | |
State | Published - Mar 1 2021 |
All Science Journal Classification (ASJC) codes
- Software
- Information Systems
- Hardware and Architecture
- Computer Networks and Communications