Firmulti Fuzzer: Discovering Multi-process Vulnerabilities in IoT Devices with Full System Emulation and VMI

Yung-Tai Cheng, Shin-Ming Cheng

PROCEEDINGS OF THE 5TH WORKSHOP ON CPS & IOT SECURITY AND PRIVACY, CPSIOTSEC 2023 (2023)

Abstract
With the growth of the Internet of Things, the number and complexity of IoT devices are increasing rapidly. Nevertheless, many IoT products are developed without sufficient consideration for security, leaving them vulnerable to exploitation by malware. To address these vulnerabilities proactively, before malicious attackers discover them, security researchers use both static and dynamic analysis techniques to identify vulnerabilities and propose firmware updates. Because of the variety of IoT firmware architectures, fuzzing firmware directly on a general-purpose personal computer is challenging. As a solution, emulation techniques are commonly applied to create virtual environments for vulnerability detection. However, existing emulation-based fuzzing tools often prioritize efficiency and avoid full-system emulation. Such tools are limited to detecting vulnerabilities in individual programs and cannot identify deep-seated vulnerabilities that arise from interactions across multiple processes. To address this challenge, we propose Firmulti Fuzzer, a fuzzing framework that leverages full-system emulation. In our approach, the firmware is emulated twice. The first emulation uses an existing emulation system to acquire the full-system emulation configuration of the firmware. The second emulation uses an emulator with virtual machine introspection (VMI) to monitor the entire system environment. With Firmulti Fuzzer, we can track the execution status of all programs within the environment and raise notifications when exceptions are detected, thereby identifying vulnerabilities stemming from interactions among multiple processes. Experiments show that Firmulti Fuzzer is effective in detecting both general vulnerabilities and multi-process vulnerabilities. Most importantly, Firmulti Fuzzer outperforms other fuzzers in identifying multi-process vulnerabilities. Firmulti Fuzzer holds promising potential as a tool for enhancing the security of IoT devices and mitigating the exploitation of vulnerabilities by malicious attackers.
Keywords
IoT Security, Firmware Emulation, Fuzz Testing, Multi-process Vulnerabilities