AE
#NDSS #NDSS18 #NDSS2018

NDSS 2018 - IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing

NDSS Symposium
1,171 views

Transcript

The interactive transcript could not be loaded.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Mar 14, 2018

SESSION 1A:IoT - 01 IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing

SUMMARY
With more IoT devices entering the consumer market, it becomes imperative to detect their security vulnerabilities before an attacker does. Existing binary analysis based approaches only work on firmware, which is less accessible except for those equipped with special tools for extracting the code from the device. To address this challenge in IoT security analysis, we present in this paper a novel automatic fuzzing framework, called IOTFUZZER, which aims at finding memory corruption vulnerabilities in IoT devices without access to their firmware images. The key idea is based upon the observation that most IoT devices are controlled through their official mobile apps, and such an app often contains rich information about the protocol it uses to communicate with its device. Therefore, by identifying and reusing program-specific logic (e.g., encryption) to mutate the test case (particularly message fields), we are able to effectively probe IoT targets without relying on any knowledge about its protocol specifications. In our research, we implemented IOTFUZZER and evaluated 17 real-world IoT devices running on different protocols, and our approach successfully identified 15 memory corruption vulnerabilities (including 8 previously unknown ones).

SLIDES
http://wp.internetsociety.org/ndss/wp...

PAPER
https://www.ndss-symposium.org/wp-con...

AUTHORS
Di Tang (Chinese University of Hong Kong)
Zhe Zhou (Fudan University)
Yinqian Zhang (Ohio State University)
Kehuan Zhang (Chinese University of Hong Kong)

Network and Distributed System Security (NDSS) Symposium 2018, 18-21 February 2018, Catamaran Resort Hotel & Spa in San Diego, California.
https://www.ndss-symposium.org/ndss20...


ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/

#NDSS #NDSS18 #NDSS2018 #InternetSecurity

When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to