Foreign conference: IEEE International Conference on Software Engineering and Service Science

FIRMNANO: Toward IoT Firmware Fuzzing Through Augmented Virtual Execution


Abstract

Considering that the deployment of IoT devices is becoming more and more widespread, the security analysis of the firmware of these devices is extremely important. However, a large number of devices now have vulnerabilities that can be exploited, allowing attackers to remotely control IoT devices. In this article, we show FIRMNANO, a fuzzing framework for the firmware of IoT devices with microcontrollers as the core. Based on augmented virtual execution, FIRMNANO solves three key problems of microcontroller firmware emulation: (1) MMIO region access, (2) interrupt triggering, and (3) DMA support. On this basis, it conducts code-coverage-based fuzz testing of firmware. Our evaluation results show that FIRMNANO can execute firmware correctly and can be used for real-world firmware vulnerability mining.