Detecting vulnerabilities in IoT firmware via keyword identification and path optimization

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-10-20 DOI:10.1016/j.iot.2025.101808

Jie Liu , Yanqi Li , Rui Yao , Yang Zhang , Hongliang Liang

{"title":"Detecting vulnerabilities in IoT firmware via keyword identification and path optimization","authors":"Jie Liu , Yanqi Li , Rui Yao , Yang Zhang , Hongliang Liang","doi":"10.1016/j.iot.2025.101808","DOIUrl":null,"url":null,"abstract":"<div><div>The rapid growth of IoT devices has led to increased interconnectivity, exposing vulnerabilities in firmware, particularly in back-end programs that handle untrusted inputs such as HTTP requests. Existing static taint analysis methods can detect such vulnerabilities, but they often suffer from missing keywords and exploration of unnecessary paths, which reduces efficiency and coverage. In this paper, we present IotSleuth, an approach that detects vulnerabilities in firmware by identifying keywords in back-end binaries. Our key insight is that functions receiving requests from the front-end frequently invoke the same data processing routines multiple times with different strings. By analyzing these invocations, IotSleuth extracts keywords and propagates them to discover additional taint sources, effectively extending the coverage of traditional taint analysis. We further introduce path optimization strategies to reduce redundant path exploration, significantly improving analysis efficiency. We implemented IotSleuth and evaluated it on 117 IoT firmware samples from nine vendors. Experimental results show that IotSleuth discovered 27 new vulnerabilities, all of which were assigned Common Vulnerabilities and Exposures (CVE) identifiers, and outperformed KARONTE, SaTC, CINDY, and HermeScan in both detection effectiveness and analysis speed.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101808"},"PeriodicalIF":7.6000,"publicationDate":"2025-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525003221","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid growth of IoT devices has led to increased interconnectivity, exposing vulnerabilities in firmware, particularly in back-end programs that handle untrusted inputs such as HTTP requests. Existing static taint analysis methods can detect such vulnerabilities, but they often suffer from missing keywords and exploration of unnecessary paths, which reduces efficiency and coverage. In this paper, we present IotSleuth, an approach that detects vulnerabilities in firmware by identifying keywords in back-end binaries. Our key insight is that functions receiving requests from the front-end frequently invoke the same data processing routines multiple times with different strings. By analyzing these invocations, IotSleuth extracts keywords and propagates them to discover additional taint sources, effectively extending the coverage of traditional taint analysis. We further introduce path optimization strategies to reduce redundant path exploration, significantly improving analysis efficiency. We implemented IotSleuth and evaluated it on 117 IoT firmware samples from nine vendors. Experimental results show that IotSleuth discovered 27 new vulnerabilities, all of which were assigned Common Vulnerabilities and Exposures (CVE) identifiers, and outperformed KARONTE, SaTC, CINDY, and HermeScan in both detection effectiveness and analysis speed.

查看原文本刊更多论文

通过关键字识别和路径优化检测物联网固件中的漏洞

物联网设备的快速增长导致互联性增加，暴露了固件中的漏洞，特别是在处理HTTP请求等不可信输入的后端程序中。现有的静态污染分析方法可以检测到此类漏洞，但往往缺少关键字和探索不必要的路径，从而降低了效率和覆盖率。在本文中，我们介绍了IotSleuth，一种通过识别后端二进制文件中的关键字来检测固件漏洞的方法。我们的关键见解是，从前端接收请求的函数经常使用不同的字符串多次调用相同的数据处理例程。通过分析这些调用，IotSleuth提取关键字并传播它们以发现额外的污染源，有效地扩展了传统污染分析的覆盖范围。进一步引入路径优化策略，减少冗余路径探索，显著提高分析效率。我们实施了IotSleuth，并对来自9家供应商的117个IoT固件样本进行了评估。实验结果表明，IotSleuth发现了27个新的漏洞，所有漏洞都被分配了Common vulnerabilities and Exposures （CVE）标识符，在检测效率和分析速度上都优于KARONTE、SaTC、CINDY和HermeScan。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.