Discovering Known Vulnerabilities in IoT Devices via Code Search

Discovering vulnerabilities in an IoT ecosystem is like finding a needle in a haystack, even when we are dealing with known vulnerabilities. For many IoT products, security is an afterthought. Between copy-paste coding practices and outsourcing of functionality to untrusted third-party libraries, the development process of IoT devices is a fertile environment for bug generation and persistence. As several integration vendors may rely upon the same subcontractors, tools, or SDKs provided by third-party vendors, bugs generated during the development process can be spread across hundreds or even thousands of IoT devices with similar firmware. Without detailed knowledge of the internal relationships between these vendors, it is impossible to track the same vulnerability across the IoT ecosystem.

Featured post icon

A Fast and Accurate Disassembler based on Deep Learning

Searching Statically Linked Vulnerable Functions in Minutes

Searching Vulnerabilities in Binaries

A Comparative Review of Embedding based Binary Code Search Techniques