IoTCID: A Dynamic Detection Technology for Command Injection Vulnerabilities in IoT Devices

The pervasiveness of IoT devices has brought us convenience as well as the risks of security vulnerabilities. However, traditional device vulnerability detection methods cannot efficiently detect command injection vulnerabilities due to heavy execution overheads or false positives and false negatives. Therefore, we propose a novel dynamic detection solution, IoTCID. First, it generates constrained models by parsing the front-end files of the IoT device, and a static binary analysis is performed towards the back-end programs to locate the interface processing function. Then, it utilizes a fuzzing method based on the feedback from Distance Function, which selects high-quality samples through various scheduling strategies. Finally, with the help of the probe code, it compares the parameter of potential risk functions with samples to confirm the command injection vulnerabilities. We implement a prototype of IoTCID and evaluate it on real-world IoT devices from three vendors and confirm six vulnerabilities. It shows that IoTCID are effective in discovering command injection vulnerabilities in IoT devices.