Abstract:
With the increasing popularity of the Internet of Things (IoT), security issues in this domain have become a major concern in recent years. In favor of a fast time to mar...Show MoreMetadata
Abstract:
With the increasing popularity of the Internet of Things (IoT), security issues in this domain have become a major concern in recent years. In favor of a fast time to market and low cost, security is often neglected during IoT development and little effort has been spent to enhance security tools to support the most common IoT architectures. Therefore, this work investigates fuzzing, an emerging security analysis technique, on the popular ESP32 IoT architecture. Instead of performing fuzzing directly on the target IoT system, we propose a full-system emulator that runs ESP32 firmware images and is able to perform fuzzing several orders of magnitude faster than the actual system. Using this emulator, we were able to fuzz a commercial IoT device with more than 300 requests per second and identify a bug in it within a few minutes. The developed framework can not only be used for discovering security issues in released products, but also for automated fuzzing tests during development.
Date of Conference: 06-11 December 2020
Date Added to IEEE Xplore: 25 February 2021
ISBN Information: