Fuzzing of Embedded Systems: A Survey

Security attacks abuse software vulnerabilities of IoT devices; hence, detecting and eliminating these vulnerabilities immediately are crucial. Fuzzing is an efficient method to identify vulnerabilities automatically, and many publications have been released to date. However, fuzzing for embedded systems has not been studied extensively owing to various obstacles, such as multi-architecture support, crash detection difficulties, and limited resources. Thus, the article introduces fuzzing techniques for embedded systems and the fuzzing differences for desktop and embedded systems. Further, we collect state-of-the-art technologies, discuss their advantages and disadvantages, and classify embedded system fuzzing tools. Finally, future directions for fuzzing research of embedded systems are predicted and discussed.

Automated summary

Security attacks exploit software vulnerabilities in IoT devices, so it is essential to detect and eliminate these vulnerabilities promptly. Fuzzing is an effective automated method for identifying vulnerabilities, and there have been numerous publications on the topic. However, there is limited research on fuzzing for embedded systems due to obstacles like multi-architecture support, crash detection challenges, and resource constraints. This article introduces fuzzing techniques for embedded systems, compares them to desktop systems, discusses the pros and cons of state-of-the-art technologies, and classifies embedded system fuzzing tools. It also predicts and discusses future directions for fuzzing research in embedded systems.