Physical Devices-Agnostic Hybrid Fuzzing of IoT Firmware

IEEE Internet of Things Journal (2023)

Abstract
With the rapid expansion of the Internet of Things, a vast number of microcontroller-based (MCU) IoT devices are now susceptible to attacks through the Internet. Vulnerabilities within the firmware are one of the most important attack surfaces. Fuzzing has emerged as one of the most effective techniques for identifying such vulnerabilities. However, when applied to IoT firmware, several challenges arise, including: 1) the inability of firmware to execute properly in the absence of peripherals; 2) the lack of support for exploring input spaces of multiple peripherals; 3) difficulties in instrumenting and gathering feedback; and 4) the absence of a fault detection mechanism. To address these challenges, we have developed and implemented an innovative peripheral-independent hybrid fuzzing tool called FirmHybirdFuzzer. This tool enables testing of MCU firmware without reliance on specific peripheral hardware. First, a unified virtual peripheral was integrated to model the behaviors of various peripherals, thus enabling the physical devices-agnostic firmware execution. Then, a hybrid event generation approach was used to generate inputs for different peripheral accesses. Furthermore, two-level coverage feedback was collected to optimize the testcase generation. Finally, a plugin-based fault detection mechanism was implemented to identify typical memory corruption vulnerabilities. A large-scale experimental evaluation has been performed to show FirmHybirdFuzzer's effectiveness and efficiency.
Keywords
Firmware, hybrid fuzzing, vulnerability detection