Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface

الملخص EN

A novel approach for discovering vulnerability in commercial off-the-shelf (COTS) IoT devices is proposed in this paper, which will revolutionize the area.

Unlike previous work, the web management interface in IoT was used to detect vulnerabilities by leveraging fuzzing technology.

To validate and evaluate this scheme, a tool named WMIFuzzer was designed and implemented.

There were also two challenges: (1) due to the diversity of web interface implementations, there were no existing seed messages for fuzzing this interface and it was inefficient while taking random messages to launch the fuzzing and (2) because of the highly structured seed message, fuzzing with byte-level mutation could conduce to be rejected by the device at an early stage.

To address these challenges, a brute-force UI automation was designed to drive the web interface to generate initial seed messages automatically, as well as a weighted message parse tree (WMPT) was proposed to guide the mutation to generate mostly structure-valid messages.

The extensive experimental results show that WMIFuzzer could achieve expected result while 10 vulnerabilities including 6 zero-days in 7 COTS IoT devices were discovered.