IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit
As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/17/1/19 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832588430887878656 |
|---|---|
| author | Wei Zhou Shandian Shen Peng Liu |
| author_facet | Wei Zhou Shandian Shen Peng Liu |
| author_sort | Wei Zhou |
| collection | DOAJ |
| description | As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT devices. Direct fuzzing on these devices is inefficient, and recent efforts have shifted towards creating emulation environments for dynamic firmware testing. However, unlike traditional software, firmware interactions with peripherals that are significantly more diverse presents new challenges for achieving scalable full-system emulation and effective fuzzing. This paper reviews 27 state-of-the-art works in MCU-based firmware emulation and its applications in fuzzing. Instead of classifying existing techniques based on their capabilities and features, we first identify the fundamental challenges faced by firmware emulation and fuzzing. We then revisit recent studies, organizing them according to the specific challenges they address, and discussing how each specific challenge is addressed. We compare the emulation fidelity and bug detection capabilities of various techniques to clearly demonstrate their strengths and weaknesses, aiding users in selecting or combining tools to meet their needs. Finally, we highlight the remaining technical gaps and point out important future research directions in firmware emulation and fuzzing. |
| format | Article |
| id | doaj-art-9ed38095d2444faaa63973c536cc9f41 |
| institution | Kabale University |
| issn | 1999-5903 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Future Internet |
| spelling | doaj-art-9ed38095d2444faaa63973c536cc9f412025-01-24T13:33:35ZengMDPI AGFuture Internet1999-59032025-01-011711910.3390/fi17010019IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical RevisitWei Zhou0Shandian Shen1Peng Liu2School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, ChinaSchool of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, ChinaCollege of Information Sciences and Technology, The Pennsylvania State University, University Park, PA 16802, USAAs IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT devices. Direct fuzzing on these devices is inefficient, and recent efforts have shifted towards creating emulation environments for dynamic firmware testing. However, unlike traditional software, firmware interactions with peripherals that are significantly more diverse presents new challenges for achieving scalable full-system emulation and effective fuzzing. This paper reviews 27 state-of-the-art works in MCU-based firmware emulation and its applications in fuzzing. Instead of classifying existing techniques based on their capabilities and features, we first identify the fundamental challenges faced by firmware emulation and fuzzing. We then revisit recent studies, organizing them according to the specific challenges they address, and discussing how each specific challenge is addressed. We compare the emulation fidelity and bug detection capabilities of various techniques to clearly demonstrate their strengths and weaknesses, aiding users in selecting or combining tools to meet their needs. Finally, we highlight the remaining technical gaps and point out important future research directions in firmware emulation and fuzzing.https://www.mdpi.com/1999-5903/17/1/19IoT devicesMCUfirmwarevulnerability detectionperipheral modelingfirmware emulation |
| spellingShingle | Wei Zhou Shandian Shen Peng Liu IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit Future Internet IoT devices MCU firmware vulnerability detection peripheral modeling firmware emulation |
| title | IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit |
| title_full | IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit |
| title_fullStr | IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit |
| title_full_unstemmed | IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit |
| title_short | IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit |
| title_sort | iot firmware emulation and its security application in fuzzing a critical revisit |
| topic | IoT devices MCU firmware vulnerability detection peripheral modeling firmware emulation |
| url | https://www.mdpi.com/1999-5903/17/1/19 |
| work_keys_str_mv | AT weizhou iotfirmwareemulationanditssecurityapplicationinfuzzingacriticalrevisit AT shandianshen iotfirmwareemulationanditssecurityapplicationinfuzzingacriticalrevisit AT pengliu iotfirmwareemulationanditssecurityapplicationinfuzzingacriticalrevisit |