6 Hits in 5.6 sec

ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities

Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou, Chao Zhang, Baoxu Liu
2021 Cybersecurity  
To discover these vulnerabilities, fuzzing web server modules of SOHO routers is the most popular solution.  ...  In total, it discovered 136 unique issues, 120 of which have been confirmed as 0-day vulnerabilities we found.  ...  Therefore, discovering vulnerabilities in SOHO routers becomes significantly important. A typical architecture of the SOHO router is shown on the right side of Fig. 1 .  ... 
doi:10.1186/s42400-021-00091-9 fatcat:ijwu5nibhnbudmg5ra6uzuvfji

Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface

Dong Wang, Xiaosong Zhang, Ting Chen, Jingwei Li
2019 Security and Communication Networks  
A novel approach for discovering vulnerability in commercial off-the-shelf (COTS) IoT devices is proposed in this paper, which will revolutionize the area.  ...  The extensive experimental results show that WMIFuzzer could achieve expected result while 10 vulnerabilities including 6 zero-days in 7 COTS IoT devices were discovered.  ...  in open-source firmware programs.  ... 
doi:10.1155/2019/5076324 fatcat:k4qqipethrdlzkebxwh2d6haxy

A Large-Scale Analysis of the Security of Embedded Firmwares

Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
2014 USENIX Security Symposium  
In summary, without performing sophisticated static analysis, we discovered a total of 38 previously unknown vulnerabilities in over 693 firmware images.  ...  Moreover, by correlating similar files inside apparently unrelated firmware images, we were able to extend some of those vulnerabilities to over 123 different products.  ...  We also thank Pietro Michiardi and Daniele Venzano for providing access and support to their cloud infrastructure, and John Matherly of Shodan search engine for providing direct access to Shodan's data  ... 
dblp:conf/uss/CostinZFB14 fatcat:2hmiegyeibab7j2kaq5wlm4shy

Smart Grid: Cyber Attacks, Critical Defense Approaches, and Digital Twin [article]

Tianming Zheng, Ming Liu, Deepak Puthal, Ping Yi, Yue Wu, Xiangjian He
2022 arXiv   pre-print
As a result, works are needed to sort out relevant contents so that DT can be better embedded in the security architecture design of smart grid.  ...  of DT, including its basic concepts, applications in the smart grid, and how DT enhances the security.  ...  ACKNOWLEDGMENT We appreciate the support of the National Key R&D Program of China under Grants No. 2020YFB1807500, No. 2020YFB1807504, and National Science Foundation of China Key Project under Grants  ... 
arXiv:2205.11783v1 fatcat:fz43u2e6g5gyfepqz44tezelba

A taxonomy of cyber-physical threats and impact in the smart home

Ryan Heartfield, George Loukas, Sanja Budimir, Anatolij Bezemskij, Johnny R.J. Fontaine, Avgoustinos Filippoupolitis, Etienne Roesch
2018 Computers & security  
Table 1: Summary of existing taxonomies with applicability in smart home cyber security Reference Key security properties Vulnerabilities/challenges Security recommended Open problems identified Komninos  ...  Utilising the taxonomy, we classify twenty five different smart home attacks, providing further examples of legitimate, yet vulnerable smart home configurations which can lead to second-order attack vectors  ...  In 2013, researchers discovered five vulnerabilities in WeMO related to hardcoding of cryptographic keys, downloading firmware codes without integrity checks based on the absence of a local certificate  ... 
doi:10.1016/j.cose.2018.07.011 fatcat:cq6g7sb5uvaavoth4myqadhmau

An empirical evaluation of misconfiguration in Internet services [article]

Tobias Fiebig, Technische Universität Berlin, Technische Universität Berlin, Anja Feldmann
In fact, there is a constant stream of new, complex techniques to ensure the confidentiality, integrity, and availability of data and systems.  ...  We refer to these as security misconfigurations. In this thesis we empirically investigate the nature of security misconfigurations.  ...  If an application isn't designed to provide security, users of the application discover that they are vulnerable to attack."  ... 
doi:10.14279/depositonce-6140 fatcat:lvw4geuxrrgfhi3ms3t7m6pkl4