Skip to content

Fuzzing Framework for ESP32 Microcontrollers

Authors

Matthias Börsig, Sven Nitzsche, Max Eisele, Roland Gröll, Jürgen Becker, Ingmar Baumgart

Corresponding author: Matthias Börsig

Abstract

With the increasing popularity of the Internet of Things (IoT), security issues in this domain have become a major concern in recent years. In favor of a fast time to market and low cost, security is often neglected during IoT development and little effort has been spent to enhance security tools to support the most common IoT architectures. Therefore, this work investigates fuzzing, an emerging security analysis technique, on the popular ESP32 IoT architecture. Instead of performing fuzzing directly on the target IoT system, we propose a full-system emulator that runs ESP32 firmware images and is able to perform fuzzing several orders of magnitude faster than the actual system. Using this emulator, we were able to fuzz a commercial IoT device with more than 300 requests per second and identify a bug in it within a few minutes. The developed framework can not only be used for discovering security issues in released products, but also for automated fuzzing tests during development.

© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Publication

Published on December 6th, 2020 at IEEE International Workshop on Information Forensics and Security (WIFS), New York USA

DOI: 10.1109/WIFS49906.2020.9360889
BibTeX: Download
PDF: Download

Presentation Video

Bibliography

@inproceedings{Boersig.2020,
  author = {Matthias Börsig and Sven Nitzsche and Max Eisele and Roland Gröll and Jürgen Becker and Ingmar Baumgart},
  title = {{Fuzzing Framework for ESP32 Microcontrollers}},
  year = {2020},
  pages = {1-6},
  month = {12},
  publisher = {{IEEE}},
  booktitle = {2020 IEEE International Workshop on Information Forensics and Security (WIFS)},
  url = {https://ieeexplore.ieee.org/document/9360889},
  doi = {10.1109/wifs49906.2020.9360889},
}