Printed from https://ideas.repec.org/a/gam/jftint/v17y2025i1p19-d1561106.html

IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit

Author

Listed:
  • Wei Zhou

    (School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China)

  • Shandian Shen

    (School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China)

  • Peng Liu

    (College of Information Sciences and Technology, The Pennsylvania State University, University Park, PA 16802, USA)

Abstract

As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT devices. Direct fuzzing on these devices is inefficient, and recent efforts have shifted towards creating emulation environments for dynamic firmware testing. However, unlike traditional software, firmware interactions with peripherals, which are significantly more diverse, present new challenges for achieving scalable full-system emulation and effective fuzzing. This paper reviews 27 state-of-the-art works in MCU-based firmware emulation and its applications in fuzzing. Instead of classifying existing techniques based on their capabilities and features, we first identify the fundamental challenges faced by firmware emulation and fuzzing. We then revisit recent studies, organizing them according to the specific challenges they address, and discussing how each specific challenge is addressed. We compare the emulation fidelity and bug detection capabilities of various techniques to clearly demonstrate their strengths and weaknesses, aiding users in selecting or combining tools to meet their needs. Finally, we highlight the remaining technical gaps and point out important future research directions in firmware emulation and fuzzing.

Suggested Citation

  • Wei Zhou & Shandian Shen & Peng Liu, 2025. "IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit," Future Internet, MDPI, vol. 17(1), pages 1-20, January.
  • Handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:19-:d:1561106

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/1/19/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/17/1/19/
    Download Restriction: no