Visible to the public FIoT: Detecting the Memory Corruption in Lightweight IoT Device Firmware

TitleFIoT: Detecting the Memory Corruption in Lightweight IoT Device Firmware
Publication TypeConference Paper
Year of Publication2019
AuthorsZhu, Lipeng, Fu, Xiaotong, Yao, Yao, Zhang, Yuqing, Wang, He
Conference Name2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Date Publishedaug
Keywordsaddress determination analysis, backward slice approach, binary code snippets, Binary codes, binary firmware, CFG recovery approach, computer network security, dynamic analysis framework, dynamic analysis techniques, embedded firmware source code, FIoT framework, firmware, firmware analysis, firmware images, fuzzing, fuzzing test, hardware architectures, human factors, Internet of Things, IoT device operating systems, IoT industry, Libraries, library function identification approach, lightweight IoT device firmware images, lightweight IoT devices, lightweight IoT firmware, Loading, memory corruption, memory corruption vulnerabilities, Microprogramming, operating systems (computers), performance evaluation, policy-based governance, program compilers, program diagnostics, Program slicing, program testing, pubcrawl, Resiliency, Scalability, security, security researchers, static analysis, system monitoring, time 170.0 s, time 210.0 s, time 40.0 s, zero trust
AbstractThe IoT industry has developed rapidly in recent years, which has attracted the attention of security researchers. However, the researchers are hampered by the wide variety of IoT device operating systems and their hardware architectures. Especially for the lightweight IoT devices, many manufacturers do not provide the device firmware images, embedded firmware source code or even the develop documents. As a result, it hinders traditional static analysis and dynamic analysis techniques. In this paper, we propose a novel dynamic analysis framework, called FIoT, which aims at finding memory corruption vulnerabilities in lightweight IoT device firmware images. The key idea is dynamically run the binary code snippets through symbolic execution with carrying out a fuzzing test. Specifically, we generate code snippets through traversing the control-flow graph (CFG) in a backward manner. We improved the CFG recovery approach and backward slice approach for better performance. To reduce the influence of the binary firmware, FIoT leverages loading address determination analysis and library function identification approach. We have implemented a prototype of FIoT and conducted experiments. Our results show that FIoT can complete the Fuzzing test within 40 seconds in average. Considering 170 seconds for static analysis, FIoT can load and analyze a lightweight IoT firmware within 210 seconds in total. Furthermore, we illustrate the effectiveness of FIoT by applying it over 115 firmware images from 17 manufacturers. We have found 35 images exist memory corruptions, which are all zero-day vulnerabilities.
Citation Keyzhu_fiot_2019