Abstract: IoT devices are abnormally prone to diverse errors due to harsh environments and limited computational capabilities. As a result, correct error handling is critical in IoT. Implementing correct error handling is non-trivial, thus requiring extensive testing such as fuzzing. However, existing fuzzing cannot effectively test IoT error-handling code. First, errors typically represent corner cases, thus are hard to trigger. Second, testing error-handling code would frequently crash the execution, which prevents fu…
“…From a technical perspective, vulnerabilities in IoT FW are mainly caused by input-independent errors (e.g., memory exhaustion) rather than input-dependent errors (e.g., invalid parameters) as is the case in PCs. [28] examines the firmware of 10 routers and IoT devices and finds 109 errors in total.…”
Section: Related Work
Citing paper: The Need For Updates And Patches Of Internet... (citation type: mentioning)
This paper examines the up-to-dateness of installed firmware versions of Internet of Things devices accessible via the public Internet. It takes a novel approach to identifying versions based on the source code of their web interfaces. It analyzes data sets of 1.06 million devices collected using the IoT search engine Censys and then maps the results against the latest version each manufacturer offers. A fully scalable and adaptive approach is developed by applying the SEMMA data mining process. This approach relies on three data artifacts: raw data from Censys, a mapping table with firmware versions, and a keyword search list. The results confirm the heterogeneity of connected IoT devices and show that only 2.45 percent of the IoT devices "in the wild" run the latest available firmware. Installed versions are 19.2 months old on average. This real-world evidence suggests that the updating processes and methods used by engineers so far are not sufficient to keep IoT devices up-to-date. This paper identifies and quantifies influencing factors and captures the global and diverse distribution of IoT devices. It finds that manufacturer and device type influence the up-to-dateness of firmware, whereas the country in which the device is deployed is less significant.
“…(2) Recent studies [18,50] have identified the need for certain registers to repeatedly report specific values in order to execute firmware correctly and chosen to fix register values (use immutable inputs). But, fixing the values of registers effectively over restricts the search-space and can prevent testing of error handlers; importantly, error handlers were identified as a common source of bugs [23,28]. Expounding upon this insight we propose the peripheral input playback technique to: i) exploit the knowledge that many peripheral registers often repeatedly return the same value under typical execution conditions; and ii) benefit from mutated inputs to overcome restrictions on triggering of error handlers.…”
Section: An Overview Of Our Approach (citation type: mentioning, confidence: 99%)
“…For example, bits within a serial port status register, such as the parity error, could be triggered by a malicious actor, resulting in the execution of the associated error handler. Notably, IFIZZ [28] previously identified error handlers as a common source of bugs, with more than 25% of patches for some programs commonly used on routers containing changes to error handlers. • Third, new models may need to be generated during fuzzing as the corresponding peripherals are discovered, complicating the fuzzing process.…”
Exponential growth in embedded systems is driving the research imperative to develop fuzzers that automate firmware testing to uncover software bugs and security vulnerabilities. But employing fuzzing techniques in this context presents a uniquely challenging proposition; a key problem is the need to deal with the diverse and large number of peripheral communications in an automated testing framework. Recent fuzzing approaches: i) employ re-hosting methods by executing code in an emulator, because fuzzing on resource-limited embedded systems is slow and unscalable; and ii) integrate models of hardware behaviour to overcome the challenges posed by the massive input space that peripheral devices create, and to generate inputs that are effective in helping a fuzzer make progress. Our efforts expound upon program execution behaviours unique to firmware to address the resulting input-space search problem. The techniques we propose improve the fuzzer's ability to generate values likely to progress execution and avoid time spent mutating inputs that are functionally equivalent to other test cases. We demonstrate that the methods are highly efficient and effective at overcoming the input-space search problem. Our emulation-based implementation, Ember-IO, when compared to the existing state-of-the-art fuzzing framework across 21 firmware binaries, demonstrates up to 255% improvement in blocks covered. Further, Ember-IO discovered 6 new bugs in real-world firmware, previously not identified by state-of-the-art fuzzing frameworks. Importantly, Ember-IO integrated with the state-of-the-art fuzzer Fuzzware demonstrates similar or improved coverage across all firmware binaries whilst reproducing 3 of the 6 new bugs discovered by Ember-IO.
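As an added example (not code from IFIZZ, Ember-IO or Fuzzware), the C program below makes concrete the input-space problem raised in the two citing passages above: a UART receive routine whose status-register error bits select an error handler, and a peripheral model that plays back each register's usual value while periodically substituting a byte of fuzz input. Running the same routine against fixed register values shows why fixing registers never reaches the error handlers. The register layout, the recorded trace and the fuzz input are constructed for the example, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical UART status-register bits (constructed layout, not a real part). */
#define UART_SR_RXNE (1u << 0) /* receive register not empty */
#define UART_SR_PE   (1u << 1) /* parity error */
#define UART_SR_FE   (1u << 2) /* framing error */

enum { REG_SR = 0, REG_DR = 1, REG_COUNT = 2 };
enum rx_result { RX_OK = 0, RX_NO_DATA, RX_PARITY_ERR, RX_FRAMING_ERR, RX_RESULT_COUNT };

/* In real firmware these are volatile MMIO loads; the re-hosted build routes them
 * through a function pointer so the harness decides what the peripheral returns. */
typedef uint32_t (*mmio_read_fn)(unsigned reg, void *ctx);

/* Firmware under test: the receive routine whose error handlers a fuzzer must reach. */
static enum rx_result uart_receive_byte(mmio_read_fn rd, void *ctx, uint8_t *out) {
    uint32_t sr = rd(REG_SR, ctx);
    if (!(sr & UART_SR_RXNE))
        return RX_NO_DATA;
    if (sr & (UART_SR_PE | UART_SR_FE)) {
        (void)rd(REG_DR, ctx);            /* error handler: discard the corrupted byte */
        return (sr & UART_SR_PE) ? RX_PARITY_ERR : RX_FRAMING_ERR;
    }
    *out = (uint8_t)rd(REG_DR, ctx);
    return RX_OK;
}

/* Peripheral model: each register has a playback value; every mutate_every-th read of a
 * register is answered from the fuzz input instead. mutate_every == 0 means fixed values. */
typedef struct {
    const uint8_t *input; size_t len, pos;  /* fuzz input stream */
    uint32_t playback[REG_COUNT];           /* value each register usually returns */
    unsigned reads[REG_COUNT];              /* reads seen per register */
    unsigned mutate_every;
} model_t;

static uint32_t model_read(unsigned reg, void *ctx) {
    model_t *m = ctx;
    unsigned n = m->reads[reg]++;
    bool take_input = m->mutate_every != 0
                   && n % m->mutate_every == m->mutate_every - 1
                   && m->pos < m->len;
    return take_input ? m->input[m->pos++] : m->playback[reg];
}

/* Learn a playback value from a recorded trace: the value the register returned most often. */
static uint32_t learn_playback(const uint32_t *trace, size_t n) {
    uint32_t best = 0; size_t best_count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = 0;
        for (size_t j = 0; j < n; j++) c += (trace[j] == trace[i]);
        if (c > best_count) { best_count = c; best = trace[i]; }
    }
    return best;
}

/* Run the receive routine `iterations` times; counts[] records how often each result
 * (hence each handler) was reached. Returns the number of error-handler hits. */
static unsigned run_campaign(const uint8_t *input, size_t len, unsigned mutate_every,
                             unsigned iterations, unsigned counts[RX_RESULT_COUNT]) {
    /* Constructed trace of SR reads from a normal run: RXNE is almost always set. */
    static const uint32_t sr_trace[] = { 0x1, 0x1, 0x0, 0x1, 0x1, 0x1 };
    model_t m = { input, len, 0, {0}, {0}, mutate_every };
    m.playback[REG_SR] = learn_playback(sr_trace, sizeof sr_trace / sizeof *sr_trace);
    m.playback[REG_DR] = 0x41;              /* 'A', the byte the device usually delivers */
    memset(counts, 0, RX_RESULT_COUNT * sizeof *counts);
    for (unsigned i = 0; i < iterations; i++) {
        uint8_t b;
        counts[uart_receive_byte(model_read, &m, &b)]++;
    }
    return counts[RX_PARITY_ERR] + counts[RX_FRAMING_ERR];
}

/* Constructed fuzz input: an SR value with PE set, a data byte, an SR value with FE set, a data byte. */
static const uint8_t demo_input[] = { 0x03, 0x00, 0x05, 0x7F };

static unsigned demo_hits(unsigned mutate_every) {
    unsigned counts[RX_RESULT_COUNT];
    return run_campaign(demo_input, sizeof demo_input, mutate_every, 6, counts);
}

static unsigned demo_count(unsigned mutate_every, enum rx_result which) {
    unsigned counts[RX_RESULT_COUNT];
    run_campaign(demo_input, sizeof demo_input, mutate_every, 6, counts);
    return counts[which];
}

int main(void) {
    printf("fixed registers:    %u error-handler hits\n", demo_hits(0));
    printf("playback + mutation: %u error-handler hits\n", demo_hits(2));
    return 0;
}
```

With fixed registers the status register always reads as the learned value (RXNE set, no error bits), so six receives produce six RX_OK results and neither handler executes. With playback plus mutation on every second read, the two constructed status bytes reach the receive routine and both the parity and the framing handler run once, while the remaining reads still return the playback values that let execution progress.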
CCS CONCEPTS• Computer systems organization → Embedded systems.