DOI: 10.1145/3605801.3605808
Research article

A comprehensive survey of vulnerability detection method towards Linux-based IoT devices

Published: 09 August 2023

Abstract

While enriching people's daily lives and industries, IoT devices have introduced vulnerabilities and new attack vectors, making many of them a prime target for cybercriminals. Vulnerability detection can effectively address this growing threat. However, due to the variability of software and hardware, the non-disclosure of source code and documentation, and the limited resources of IoT devices, security analysis has never been an easy task. Although researchers have developed many new methods to overcome these challenges over the past decade, key challenges still hinder the practical application of firmware vulnerability mining. Therefore, this paper aims to systematically summarize existing work and analyze the challenges of this field and their solutions. Results: By summarizing the state-of-the-art approaches for static, dynamic, and hybrid analysis of IoT firmware and network service programs, we identify their advantages, disadvantages, and limitations. We find that network service programs are the main attack surface for 0-day vulnerabilities. Meanwhile, in the short term, static analysis and dynamic analysis remain the mainstream techniques for vulnerability detection. Moreover, we point out that the unique running workflows and environments of IoT devices are the biggest challenges for vulnerability detection. This survey serves as a reference for researchers and practitioners interested in IoT device security analysis and helps identify promising research directions for the future.


Cited By

  • Finding Taint-Style Vulnerabilities in Lua Application of IoT Firmware with Progressive Static Analysis. Applied Sciences 13(17):9710, 2023. https://doi.org/10.3390/app13179710. Online publication date: 28 Aug 2023.


Published In

CNCIT '23: Proceedings of the 2023 2nd International Conference on Networks, Communications and Information Technology
June 2023
253 pages
ISBN:9798400700620
DOI:10.1145/3605801
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States



Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CNCIT 2023

