AFLIoT: Fuzzing on linux-based IoT device with binary-level instrumentation

In recent years, coverage-guided greybox fuzzing has demonstrated its efficiency in detecting security vul-nerabilities on traditional devices. Instrumentation information plays a significant role in sophisticated greybox fuzzer such as American Fuzzing Lop to directionally improve coverage and distill seeds. While open-source programs leverage wrapped assemblers to glean instrumentation information, closed-source programs can utilize the emulation-based instrumentation for coverage-guided fuzzing. The pervasiveness of the closed source puts a strong demand for emulation instrumentation. However, the required access to peripherals brings great difficulty in fuzzing on the emulator, especially for those various IoT devices. This paper presents A FLIo T , the first generic on-device fuzzing framework for Linux-based IoT binary pro-grams. By leveraging offset-free binary-level instrumentation, binary programs can avoid unnecessarily rewriting, inherit compatibility of peripherals, and be executed directly on IoT devices by A FLIo T . We evaluate A FLIo T on multiple benchmarks with real-world IoT programs. A FLIo T identified 437 unique crashes in 13 binary programs, including 95 newly confirmed unique crashes. Those crashes demonstrate that A FLIo T is efficient and effective in detecting potential software bugs in binary programs on Linux-based IoT devices.(c) 2022 Elsevier Ltd. All rights reserved.