SMuF: State machine based mutational fuzzing framework for internet of things

Neeraj Karamch, ani, Vinay Sachidan, a, Suhas Setikere, Jianying Zhou, Yuval Elovici

Critical Information Infrastructures Security: 13th International Conference …, 2019

The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.