Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Discover an innovative approach to automated black-box security testing of IoT and embedded devices in this 50-minute conference talk from the Hack In The Box Security Conference. Learn about the limitations of traditional black-box fuzzing and companion app-based techniques when applied to IoT devices. Explore a novel method that leverages "fuzzing triggers" within companion apps to generate optimal fuzzing inputs, bypassing app-side validation while maintaining valid input formats. Gain insights into Diane, a black-box fuzzer that combines static and dynamic analysis of Android apps to automatically identify and utilize fuzzing triggers for both WiFi and Bluetooth-connected devices. Examine the results of testing 11 popular IoT devices, including the discovery of 9 zero-day vulnerabilities. Investigate additional applications of this approach for identifying vulnerable update mechanisms and auditing trusted execution environments in embedded devices.
