Research on IoT Device Vulnerability Mining Technology Based on Static Preprocessing and Coloring Analysis

摘要

IoT devices are playing an increasingly important role in people's lives, and large-scale attacks on IoT devices will have serious consequences. Due to the closed nature of IoT devices, traditional vulnerability mining techniques are not directly applicable to the vulnerability mining of IoT devices. In this paper, we propose a taint-style vulnerability detection method that combines static analysis, static preprocessing, and coloring analysis. We implemented the prototype tool Aric based on this method and evaluated the tool with the real device firmware. The results show that Aric can discover the vulnerabilities in the real device firmware, with higher efficiency and lower resource occupation rate. We found multiple previously-unknown and zero-day vulnerabilities.