{"id":"https://openalex.org/W4380926575","doi":"https://doi.org/10.1145/3581791.3596857","title":"No More Companion Apps Hacking but One Dongle: Hub-Based Blackbox Fuzzing of IoT Firmware","display_name":"No More Companion Apps Hacking but One Dongle: Hub-Based Blackbox Fuzzing of IoT Firmware","publication_year":2023,"publication_date":"2023-06-16","ids":{"openalex":"https://openalex.org/W4380926575","doi":"https://doi.org/10.1145/3581791.3596857"},"language":"en","primary_location":{"id":"doi:10.1145/3581791.3596857","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3581791.3596857","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3581791.3596857","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3581791.3596857","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102910546","display_name":"Xiaoyue Ma","orcid":"https://orcid.org/0009-0003-3205-9605"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoyue Ma","raw_affiliation_strings":["George Mason University, Fairfax, Virginia, USA"],"raw_orcid":"https://orcid.org/0009-0003-3205-9605","affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, Virginia, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102018601","display_name":"Qiang Zeng","orcid":"https://orcid.org/0000-0001-9432-6017"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qiang Zeng","raw_affiliation_strings":["George Mason University, Fairfax, Virginia, United States"],"raw_orcid":"https://orcid.org/0000-0001-9432-6017","affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, Virginia, United States","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086115204","display_name":"Haotian Chi","orcid":"https://orcid.org/0000-0002-0222-4660"},"institutions":[{"id":"https://openalex.org/I181877577","display_name":"Shanxi University","ror":"https://ror.org/03y3e3s17","country_code":"CN","type":"education","lineage":["https://openalex.org/I181877577"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haotian Chi","raw_affiliation_strings":["Shanxi University, Taiyuan, Shanxi, China"],"raw_orcid":"https://orcid.org/0000-0002-0222-4660","affiliations":[{"raw_affiliation_string":"Shanxi University, Taiyuan, Shanxi, China","institution_ids":["https://openalex.org/I181877577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067262852","display_name":"Lannan Luo","orcid":"https://orcid.org/0000-0003-2476-7831"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lannan Luo","raw_affiliation_strings":["George Mason University, Fairfax, Virginia, United States"],"raw_orcid":"https://orcid.org/0000-0003-2476-7831","affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, Virginia, United States","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102910546"],"corresponding_institution_ids":["https://openalex.org/I162714631"],"apc_list":null,"apc_paid":null,"fwci":3.9082,"has_fulltext":true,"cited_by_count":21,"citation_normalized_percentile":{"value":0.94734886,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"205","last_page":"218"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9863136410713196},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8851132988929749},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.8537193536758423},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4554325342178345},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.4540889263153076},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.42467060685157776},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.41011545062065125},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3434441089630127},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3137282729148865},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.27661973237991333},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17568856477737427},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1604900062084198}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9863136410713196},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8851132988929749},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.8537193536758423},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4554325342178345},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.4540889263153076},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.42467060685157776},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.41011545062065125},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3434441089630127},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3137282729148865},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.27661973237991333},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17568856477737427},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1604900062084198}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3581791.3596857","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3581791.3596857","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3581791.3596857","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3581791.3596857","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3581791.3596857","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3581791.3596857","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1300887438","display_name":null,"funder_award_id":"CNS-2309477","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2017594339","display_name":"SaTC: CORE: Small: Semantics-Oriented Binary Code Analysis Learning from Recent Advances in Deep Learning","funder_award_id":"2304720","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5245588412","display_name":"Collaborative Research: CNS Core: Medium: Towards Understanding and Handling Problems Due to Coexistence of Multiple IoT Platforms","funder_award_id":"2310322","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7814707319","display_name":"CCRI: Medium: Collaborative Research: Hardware-in-the-Loop and Remotely-Accessible/Configurable/Programmable Internet of Things (IoT) Testbeds","funder_award_id":"2309477","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8860580998","display_name":"CAREER: Towards Secure and Usable IoT Authentication Under Constraints","funder_award_id":"2309550","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4380926575.pdf","grobid_xml":"https://content.openalex.org/works/W4380926575.grobid-xml"},"referenced_works_count":45,"referenced_works":["https://openalex.org/W2043118292","https://openalex.org/W2180970301","https://openalex.org/W2397897814","https://openalex.org/W2532962075","https://openalex.org/W2626301739","https://openalex.org/W2753873057","https://openalex.org/W2791018263","https://openalex.org/W2797618589","https://openalex.org/W2886694146","https://openalex.org/W2890559797","https://openalex.org/W2962909855","https://openalex.org/W2963408280","https://openalex.org/W2969698712","https://openalex.org/W2969701519","https://openalex.org/W2972481639","https://openalex.org/W2982374693","https://openalex.org/W2986938475","https://openalex.org/W3006130050","https://openalex.org/W3014190271","https://openalex.org/W3046848477","https://openalex.org/W3096980218","https://openalex.org/W3097734799","https://openalex.org/W3097868972","https://openalex.org/W3103269073","https://openalex.org/W3111743984","https://openalex.org/W3113108440","https://openalex.org/W3115454775","https://openalex.org/W3154093559","https://openalex.org/W3155102819","https://openalex.org/W3201858020","https://openalex.org/W3212565000","https://openalex.org/W3213973488","https://openalex.org/W4200580785","https://openalex.org/W4210660460","https://openalex.org/W4213029356","https://openalex.org/W4220806723","https://openalex.org/W4285298338","https://openalex.org/W4285490418","https://openalex.org/W4288048257","https://openalex.org/W4292822913","https://openalex.org/W4297802342","https://openalex.org/W4307739759","https://openalex.org/W4308411344","https://openalex.org/W4310113688","https://openalex.org/W4312522682"],"related_works":["https://openalex.org/W4378373752","https://openalex.org/W2352737138","https://openalex.org/W2007597182","https://openalex.org/W2008592783","https://openalex.org/W2179304688","https://openalex.org/W2159690530","https://openalex.org/W2004278744","https://openalex.org/W2107510936","https://openalex.org/W2368911326","https://openalex.org/W2027779752"],"abstract_inverted_index":{"Given":[0],"the":[1,35,64,68,73,119,133,168,186],"massive":[2],"difficulty":[3],"in":[4,162],"emulating":[5],"IoT":[6,11,24,36,46,80,109,127,164,191],"firmware,":[7],"blackbox":[8,23],"fuzzing":[9,56,107],"of":[10,44,185],"devices":[12,81,192],"for":[13,106],"vulnerability":[14],"discovery":[15],"has":[16],"become":[17],"an":[18,126],"attractive":[19],"option.":[20],"However,":[21],"existing":[22],"fuzzers":[25],"need":[26],"much":[27,179],"time":[28],"and":[29,70,97,125,135,193],"tedious":[30],"effort":[31],"to":[32,72,85,129,178],"reverse":[33,112],"engineer":[34],"companion":[37,59,115,148],"app":[38,60,69],"(or":[39],"manually":[40,74],"collect":[41],"test":[42,189],"scripts)":[43],"each":[45],"device,":[47],"which":[48,157],"is":[49,61],"unscalable":[50],"when":[51],"analyzing":[52],"many":[53],"devices.":[54],"Moreover,":[55],"through":[57],"a":[58,87,102,123,147],"impeded":[62],"by":[63,146],"input":[65],"sanitization":[66,144],"inside":[67],"limited":[71],"revealed":[75],"functions.":[76],"We":[77,99,166,188],"notice":[78],"that":[79,175],"are":[82],"typically":[83],"able":[84],"connect":[86],"hub":[88,124],"using":[89],"standard":[90],"wireless":[91],"protocols":[92],"(such":[93],"as":[94],"ZigBee,":[95],"Z-Wave,":[96],"WiFi).":[98],"thus":[100],"propose":[101],"uniform":[103],"hub-based":[104],"architecture":[105],"various":[108],"devices,":[110],"without":[111],"engineering":[113],"any":[114],"apps.":[116],"It":[117,142],"exploits":[118],"messages":[120],"exchanged":[121],"between":[122],"device":[128,154],"automatically":[130],"discover":[131],"all":[132],"functions,":[134],"then":[136],"launches":[137],"systematic":[138],"function-oriented":[139],"message-semantics-guided":[140],"fuzzing.":[141],"avoids":[143],"imposed":[145],"app.":[149],"In":[150],"addition,":[151],"it":[152],"conducts":[153],"state-sensitive":[155],"fuzzing,":[156],"we":[158],"find":[159,194],"very":[160],"effective":[161],"finding":[163],"bugs.":[165],"implement":[167],"system":[169],"named":[170],"HubFuzzer.":[171],"The":[172],"evaluation":[173],"shows":[174],"HubFuzzer":[176],"leads":[177],"higher":[180],"coverage":[181],"than":[182],"prior":[183],"state":[184],"art.":[187],"21":[190],"23":[195],"zero-day":[196],"vulnerabilities.":[197],"Four":[198],"CVEs":[199],"have":[200],"been":[201],"assigned.":[202]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":2}],"updated_date":"2026-06-02T09:04:35.204637","created_date":"2025-10-10T00:00:00"}