Toward Hybrid Static-Dynamic Detection of Vulnerabilities in IoT Firmware

Daojing He, Hongjie Gu, Tinghui Li, Yongliang Du, Xiaolei Wang, Sencun Zhu, Nadra Guizani

Research output: Contribution to journalArticlepeer-review

9 Scopus citations

Abstract

IoT devices are becoming increasingly ubiquitous because they have greatly simplified many aspects of our daily life and our work. However, most firmware in these embedded devices carry various security vulnerabilities, such as hard-cod-ed passwords, cryptographic keys, insecure configurations and backdoors. Recent large-scale attacks have demonstrated that the security vulnerabilities in IoT firmware have posed a severe threat to the Internet infrastructure. In this work, we design a hybrid platform to detect vulnerabilities in IoT firmware, which integrates both offline static detection and online dynamic detection. Our evaluation on real IoT devices shows that the proposed platform can effectively identify various security weaknesses and risks in firmware, such as dangerous processes, exploitable vulnerabilities, and other attack surfaces.

Original languageEnglish (US)
Article number9246617
Pages (from-to)202-207
Number of pages6
JournalIEEE Network
Volume35
Issue number2
DOIs
StatePublished - Mar 1 2021

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Toward Hybrid Static-Dynamic Detection of Vulnerabilities in IoT Firmware'. Together they form a unique fingerprint.

Cite this