Abstract
At present, embedded devices have become a part of people’s lives, so detecting security vulnerabilities contained in devices becomes imperative. There are three challenges in detecting embedded device vulnerabilities: (1) Most network protocols are stateful; (2) the communication between the web front-end and the device is encrypted or encoded; and (3) the conditional constraints of programs in the device reduce the depth and breadth of fuzz testing. To address these challenges, we propose a new type of gray-box fuzz testing framework in this paper, called EWVHunter, which is mainly used to find authentication bypass and command injection vulnerabilities in embedded devices. The key idea in this paper is based on the observation that most embedded devices are controlled through the web front-end. Such embedded devices often contain rich information in the communication protocol between the web front-end and device. Therefore, by filling data at the input source on the web front-end and reusing web front-end program logic, we can effectively solve the impact of the stateful network protocol and communication data encryption on fuzzing without relying on any knowledge about the communication protocol. Additionally, we use firmware information extraction to enhance EWVHunter so that it can detect vulnerabilities in deep layer codes and hidden interfaces. In our research, we implemented EWVHunter and evaluated 8 real-world embedded devices, and our approach identified 12 vulnerabilities (including 7 zero-days), which affect a total of 31,996 online devices.
Highlights
Embedded devices are widely used in our lives, such as smart home routers and IP cameras.In the past few years, the connection between embedded devices has become closer, forming the Internet of Things (IoT)
By using the information in the official firmware and the program logic of the web front-end used as the control terminal, EWVHunter can automatically detect authentication bypass vulnerabilities and command injection vulnerabilities in embedded devices; We solved three challenges of fuzzing tests towards embedded devices: (1) The difficulty of testing deep layer codes and finding hidden interfaces; (2) the challenge of dealing with stateful network protocols; and (3) the problem of handling encrypted or encoded messages; We implemented a prototype of EWVHunter, conducted gray-box fuzzing tests on eight real-world devices and found 12 vulnerabilities, including seven unreported zero-day vulnerabilities, which affect a total of 31,996 online devices
That is why the research cases in this paper mainly focus on control nodes and gateway nodes
Summary
Embedded devices are widely used in our lives, such as smart home routers and IP cameras.In the past few years, the connection between embedded devices has become closer, forming the Internet of Things (IoT). Embedded devices are widely used in our lives, such as smart home routers and IP cameras. Some current research shows that the loose protection of these devices and the security vulnerabilities are widespread and easy to exploit [2,3,4]. These security risks can allow attackers to build large-scale botnets [5] and provide the basis for DDoS attacks. The gateway node is generally a home router, which is mainly used to connect the embedded device into a network environment, which is convenient for the control node to complete the control of the sensor node through the network node. That is why the research cases in this paper mainly focus on control nodes and gateway nodes
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
