IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware

Liu, Peiyu; Ji, Shouling; Zhang, Xuhong; Dai, Qinming; Lu, Kangjie; Fu, Lirong; Chen, Wenzhi; Cheng, Peng; Wang, Wenhai; Beyah, Raheem

doi:10.1109/ase51524.2021.9678785

Cited by 7 publications

(3 citation statements)

References 34 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From a technical perspective, vulnerabilities in IoT FW are mainly caused by input-independent errors (e.g., memory exhaustion) rather than input-dependent errors (e.g., invalid parameters) as is the case in PCs. [28] examines the firmware of 10 routers and IoT devices and finds 109 errors in total.…”

Section: Related Work 21 the Need For Updates And Patches Of Internet...mentioning

confidence: 99%

A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild

Ebbers

2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

This paper examines the up-to-dateness of installed firmware versions of Internet of Things devices accessible via public Internet. It takes a novel approach to identify versions based on the source code of their web interfaces. It analyzes data sets of 1.06m devices collected using the IoT search engine Censys and then maps the results against the latest version each manufacturer offers. A fully scalable and adaptive approach is developed by applying the SEMMA data mining process. This approach relies on three data artifacts: raw data from Censys, a mapping table with firmware versions, and a keyword search list. The results confirm the heterogeneity of connected IoT devices and show that only 2.45 percent of the IoT devices "in the wild" run the latest available firmware. Installed versions are 19.2 months old on average. This real-world evidence suggests that the updating processes and methods used by engineers so far are not sufficient to keep IoT devices up-to-date. This paper identifies and quantifies influencing factors and captures the global and diverse distribution of IoT devices. It finds manufacturer and device type influence the up-todateness of firmware, whereas the country in which the device is deployed is less significant.

show abstract

Section: Related Work 21 the Need For Updates And Patches Of Internet...mentioning

confidence: 99%

A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild

Ebbers

2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…(2) Recent studies [18,50] have identified the need for certain registers to repeatedly report specific values in order to execute firmware correctly and chosen to fix register values (use immutable inputs). But, fixing the values of registers effectively over restricts the search-space and can prevent testing of error handlers; importantly, error handlers were identified as a common source of bugs [23,28]. Expounding upon this insight we propose the peripheral input playback technique to: i) exploit the knowledge that many peripheral registers often repeatedly return the same value under typical execution conditions; and ii) benefit from mutated inputs to overcome restrictions on triggering of error handlers.…”

Section: An Overview Of Our Approachmentioning

confidence: 99%

“…For example, bits within a serial port status register, such as the parity error, could be triggered by a malicious actor, resulting in the execution of the associated error handler. Notably, IFIZZ [28], previously identified error handlers as a common source of bugs, with more than 25% of patches for some programs commonly used on routers containing changes to error handlers. • Third, new models may need to be generated during fuzzing as the corresponding peripherals are discovered, complicating the fuzzing process.…”

Section: Our Approachmentioning

confidence: 99%

Ember-IO: Effective Firmware Fuzzing with Model-Free Memory Mapped IO

Farrelly¹,

Chesser²,

Ranasinghe³

2023

Preprint

View full text Add to dashboard Cite

Exponential growth in embedded systems is driving the research imperative to develop fuzzers to automate firmware testing to uncover software bugs and security vulnerabilities. But, employing fuzzing techniques in this context present a uniquely challenging proposition; a key problem is the need to deal with the diverse and large number of peripheral communications in an automated testing framework. Recent fuzzing approaches: i) employ re-hosting methods by executing code in an emulator because fuzzing on resource limited embedded systems is slow and unscalable; and ii) integrate models of hardware behaviour to overcome the challenges faced by the massive input-space to be explored created by peripheral devices and to generate inputs that are effective in aiding a fuzzer to make progress.Our efforts expounds upon program execution behaviours unique to firmware to address the resulting input-space search problem. The techniques we propose improve the fuzzer's ability to generate values likely to progress execution and avoids time consumed on mutating inputs that are functionally equivalent to other test cases.We demonstrate the methods are highly efficient and effective at overcoming the input-space search problem. Our emulation-based implementation, Ember-IO, when compared to the existing stateof-the-art fuzzing framework across 21 firmware binaries, demonstrates up to 255% improvement in blocks covered. Further Ember-IO discovered 6 new bugs in the real-world firmware, previously not identified by state-of-the-art fuzzing frameworks. Importantly, Ember-IO integrated with the state-of-the-art fuzzer, Fuzzware, demonstrates similar or improved coverage across all firmware binaries whilst reproducing 3 of the 6 new bugs discovered by Ember-IO. CCS CONCEPTS• Computer systems organization → Embedded systems.

show abstract