Haoran Yang (Institute of Information Engineering, Chinese Academy of Sciences), Jiaming Guo (Institute of Information Engineering, Chinese Academy of Sciences), Shuangning Yang (School of Internet, Anhui University), Guoli Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Qingqi Liu (Institute of Information Engineering, Chinese Academy of Sciences), Chi Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhenlu Tan (Institute of Information Engineering, Chinese Academy of Sciences), Lixiao Shan (Institute of Information Engineering, Chinese Academy of Sciences), Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Mengting Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Jianwei Tai (School of Internet, Anhui University), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences)

The proliferation of IoT devices has driven a rise in vulnerability exploits. Existing vulnerability detection approaches heavily rely on firmware or source code for analysis. This reliance critically compromises their efficiency in real-world black-box scenarios. To address this limitation, we propose IoTBec, a novel firmware and source-code independent framework for recurring vulnerability detection. IoTBec innovatively constructs a Vulnerability Interface Signature (VIS) based on black-box interfaces and known vulnerability information. The signature is designed to match potential recurring vulnerabilities against target devices. The framework then deeply integrates this signature-based detection with Large Language Model (LLM)-driven fuzzing. Upon a match, IoTBec automatically leverages LLMs to generate targeted fuzzing payloads for verification.

To evaluate IoTBec, we conducted extensive experiments on devices from five major IoT vendors. Results show that IoTBec discovers over 7 times more vulnerabilities than the current state-of-the-art (SOTA) black-box fuzzing methods, with 100% precision and 93.37% recall. Overall, IoTBec detected 183 vulnerabilities, 169 of which were assigned CVE IDs. Among these, 53 were newly discovered and had an average CVSS 3.x score of 8.61, covering buffer overflows, command injection, and CSRF issues. Notably, through LLM-driven fuzzing, IoTBec also discovered 25 previously unknown vulnerabilities. The experimental evidence suggests that IoTBec’s unique firmware and source-code independent paradigm enhances detection efficiency and enables the discovery of novel and variant vulnerabilities. We will release the source code for IoTBec and the experiment data at https://github.com/IoTBec.
