DOI: 10.14569/IJACSA.2022.0130781

An Iootfuzzer Method for Vulnerability Mining of Internet of Things Devices based on Binary Source Code and Feedback Fuzzing

Author 1: Guangxin Guo
Author 2: Chao Wang
Author 3: Jiahan Dong
Author 4: Bowen Li
Author 5: Xiaohu Wang

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 13 Issue 7, 2022.

Abstract: With the technological progress of the Internet and 5G communication network, more and more Internet of Things devices are used in it. Limited by the cost, power consumption and other factors of Internet of Things devices, the systems carried by the Internet of Things devices often lack the security protection provided by larger equipment systems such as desktop computers. Because the current personal computers and servers mostly use the x86 architecture, and the previous research on security tools or hardware-based security analysis feature support is mostly based on the x86 architecture, the traditional security analysis techniques cannot be applied to the current large-scale ARM-based and MIPS-based Internet of Things devices. Based on this, this paper studies the firmware binary program of common Linux-based Internet of Things devices. A binary static instrumentation technology based on taint information analysis is proposed. The paper also analyzes how to use the binary static instrumentation technology combined with static analysis results to rewrite binary programs and obtain taint path information when binary programs are executed. Firmware binary fuzzing technology based on model constraints and path feedback is studied to cover more dangerous execution paths in the target program. Finally, iootfuzzer, a prototype vulnerability mining system for firmware binaries of Internet of Things devices, is used to test and analyze the two technologies. The results show that its fuzzing efficiency for Internet of Things devices is better than other fuzzing technologies such as boofuzz and Peach 3. It can fill in some gaps in the current security analysis tools for the Internet of Things devices and improve the efficiency of security analysis for Internet of Things devices, which contributes to the field through automated security vulnerability detection systems.

Keywords: Internet of things; system vulnerabilities; source code; fuzz testing; instrumentation technology

Guangxin Guo, Chao Wang, Jiahan Dong, Bowen Li and Xiaohu Wang, “An Iootfuzzer Method for Vulnerability Mining of Internet of Things Devices based on Binary Source Code and Feedback Fuzzing” International Journal of Advanced Computer Science and Applications(IJACSA), 13(7), 2022. http://dx.doi.org/10.14569/IJACSA.2022.0130781

@article{Guo2022,
title = {An Iootfuzzer Method for Vulnerability Mining of Internet of Things Devices based on Binary Source Code and Feedback Fuzzing},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2022.0130781},
url = {http://dx.doi.org/10.14569/IJACSA.2022.0130781},
year = {2022},
publisher = {The Science and Information Organization},
volume = {13},
number = {7},
author = {Guangxin Guo and Chao Wang and Jiahan Dong and Bowen Li and Xiaohu Wang}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

Computer Vision Conference (CVC) 2026

16-17 April 2026

Healthcare Conference 2026

21-22 May 2025

Computing Conference 2025

19-20 June 2025

IntelliSys 2025

28-29 August 2025

Future Technologies Conference (FTC) 2025

6-7 November 2025