A comprehensive survey of vulnerability detection method towards Linux-based IoT devices

The IoT devices have introduced vulnerabilities and new attack vectors, making many devices a prime target for cybercriminals, while enriching people’s daily lives and industries. Vulnerability detection can effectively address this growing threat. However, due to variability of software and hardware, non-disclosure of source code and documentation, and limited resources of IoT devices, security analysis has never been an easy task. Although researchers have developed many new methods to overcome various challenges in the past decade, key challenges still hinder the practical application of firmware vulnerability mining. Therefore, this paper aims to systematically summarize existing work and analyze the challenges of this field and its solutions. Result: By summarizing the state-of-the-art approaches for static, dynamic, and hybrid analysis of IoT firmware and network service programs, we identify their advantages, disadvantages, and limitations. We found that network service programs are the main attack surface for 0-day vulnerability. Meanwhile, in the short term, static analysis and dynamic analysis are still mainstream techniques for vulnerability detection. Moreover, we point out that unique running workflow and environments are the biggest challenges for vulnerability detection. This survey serves as a reference for researchers and practitioners interested in IoT device security analysis and helps identify promising research directions for the future.