Jiangan Ji (Information Engineering University,Tsinghua University), Chao Zhang (Tsinghua University), Shuitao Gan (Labortory for Advanced Computing and Intelligence Engineering), Lin Jian (Information Engineering University), Hangtian Liu (Information Engineering University), Tieming Liu (Information Engineering University), Lei Zheng (Tsinghua university), Zhipeng Jia (Information Engineering University)

The rapid proliferation of IoT devices has introduced substantial security vulnerabilities. Existing vulnerability detection techniques exhibit various weaknesses: static analysis solutions (including large language models, LLMs) suffer from high false positives and provide no PoC (proof-of-concept) samples, while dynamic analysis solutions (e.g., fuzzing) often have high false negatives.
To address these challenges, we present FirmAgent, the first hybrid solution that leverages fuzzing to assist LLM agents in finding vulnerabilities in IoT firmware.
Our design is motivated by the key observation that fuzzing can accurately identify input-related code points in firmware, while static analysis can thoroughly analyze program paths starting from those code points.
FirmAgent utilizes fuzzing to collect runtime input points (i.e., taint sources) and reconstruct potential vulnerability paths. Then, it applies an LLM agent to perform context-aware taint analysis along the potential paths and another LLM agent to refine the fuzzing-generated testcase to generate PoC testcases.
We evaluate FirmAgent on 14 real-world IoT firmware. It identifies 182 vulnerabilities with a precision of 91%, including 140 previously unknown vulnerabilities, 17 of which have been assigned CVE numbers. Our results demonstrate that FirmAgent substantially outperforms SOTA tools in both detection capability and precision.

View More Papers

From Noise to Signal: Precisely Identify Affected Packages of...

Yingyuan Pu (QI-ANXIN Technology Research Institute), Lingyun Ying (QI-ANXIN Technology Research Institute), Yacong Gu (Tsinghua University, Tsinghua University-QI-ANXIN Group JCNS)

Read More

Side-channel Inference of User Activities in AR/VR Using GPU...

Seonghun Son (Iowa State University), Chandrika Mukherjee (Purdue University), Reham Mohamed Aburas (American University of Sharjah), Berk Gulmezoglu (Iowa State University), Z. Berkay Celik (Purdue University)

Read More

DuoLungo: Usability Study of Duo 2FA

Renascence Tarafder Prapty (University of California Irvine), Gene Tsudik (University of California Irvine)

Read More