Dongming Sun,Liang Hu,Gang Wu,Yongheng Xing,Juncheng Hu,Feng Wang

DOI: https://doi.org/10.1109/jiot.2024.3362950

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The increased utilization of Trigger-Action Programming (TAP) rules in smart homes has raised concerns regarding potential security threats in the interactions between smart digital devices/online services (DD/OS) and the physical environment. To ensure the secure use of intelligent and convenient infrastructure for users, we introduce an approach aimed at detecting potential security threats. In this paper, we propose IoT security threat models and categorize the threats into Risky DD/OS with Physical Security, Contradictory Operation of DD/OS and Environmental Impact Conflict. To effectively detect security threats, we construct an Internet of Things-Heterogeneous Information Networks (IoT-HIN) and enhance it with a knowledge base tool, transforming it into a knowledge-based IoT-HIN. We establish meta-paths to conduct analysis of events triggered by rules, and a threat detection algorithm is proposed to identify potential security threats and determine the rules leading to these threats. The proposed approach is validated using a real-world dataset, and the experimental results demonstrate its efficiency and practicality. Furthermore, a comparative analysis with similar works is conducted to highlight the superiority of our proposed approach.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yi Gao,Kaijie Xiao,Fu Li,Weifeng Xu,Jiaming Huang,Wei Dong

DOI: https://doi.org/10.1145/3600061.3603141

2024-01-01

Abstract:Trigger-Action Program (TAP) is a simple but powerful format to realize intelligent IoT applications, especially in home automation scenarios. Existing trace-driven approaches and in-situ programming approaches depend on either customized interaction commands or well-labeled datasets, resulting in limited applicable scenarios. In this paper, we propose ChatIoT, a zero-code TAP generation system based on large language models (LLMs). With a novel context-aware compressive prompting scheme, ChatIoT is able to automatically generate TAPs from user requests in a token-efficient manner and deploy them to the TAP runtime. Further, for those TAP requests including unknown sensing abilities, ChatIoT can also generate new AI models with knowledge distillation by multimodal LLMs, with a novel model customization method based on deep reinforcement learning. We implemented ChatIoT and evaluated its performance extensively. Results show that ChatIoT can reduce token consumption by 26.1-84.9% and improve TAP generation accuracy by 4.2-65.5% compared to state-of-the-art approaches in multiple settings. We also conducted a real user study, and ChatIoT can achieve 91.57% TAP generation accuracy.

Liuhuo Wan,Kailong Wang,Kulani Tharaka Mahadewa,Haoyu Wang,Guangdong Bai

DOI: https://doi.org/10.1145/3589334.3645721

2024-01-01

Abstract:Web-based trigger-action platforms (TAP) allow users to integrate Internet of Things (IoT) systems and online services into trigger-action integrations (TAIs), facilitating rich automation tasks known as applets. Despite their benefits, these integrations~(typically involving the TAP, trigger, and action service providers) pose significant security and privacy challenges, such as mis-triggering and data leakage. This work investigates cross-entity permission management within TAIs to address the underlying causes of these security and privacy issues, emphasizing permission-functionality consistency to ensure fairness in permission requests. We introduce PFCon, a system that leverages GPT-based language models for analyzing required and requested permissions, revealing excessive permission requests in a large-scale study of IFTTT TAP. Our findings highlight the need for service providers to enforce permission-functionality consistency, raising awareness of the importance of security and privacy in TAI.

Yinbo Yu,Yuanqi Xu,Kepu Huang,Jiajia Liu

2024-07-12

Abstract:Trigger-Action Programming (TAP) is a popular end-user programming framework in the home automation (HA) system, which eases users to customize home automation and control devices as expected. However, its simplified syntax also introduces new safety threats to HA systems through vulnerable rule interactions. Accurately fixing these vulnerabilities by logically and physically eliminating their root causes is essential before rules are deployed. However, it has not been well studied. In this paper, we present TAPFixer, a novel framework to automatically detect and repair rule interaction vulnerabilities in HA systems. It extracts TAP rules from HA profiles, translates them into an automaton model with physical and latency features, and performs model checking with various correctness properties. It then uses a novel negated-property reasoning algorithm to automatically infer a patch via model abstraction and refinement and model checking based on negated-properties. We evaluate TAPFixer on market HA apps (1177 TAP rules and 53 properties) and find that it can achieve an 86.65% success rate in repairing rule interaction vulnerabilities. We additionally recruit 23 HA users to conduct a user study that demonstrates the usefulness of TAPFixer for vulnerability repair in practical HA scenarios.

Cryptography and Security

Wenyuan Xu

DOI: https://doi.org/10.1145/3579856.3596442

2023-01-01

Abstract:Vulnerabilities pose a significant challenge in ensuring cybersesecurity for information systems. In the past, vulnerabilities were mainly associated with functional defects in system software and hardware, known as "in-band vulnerabilities," whereby "band" refers to the functional domain. However, with the rapid development of the Internet of Things (IoT), new security issues have emerged that traditional vulnerability categorization may not fully cover. IoT devices rely on sensors and actuators to interact with the real world, but this interaction process between physical and digital systems has created defects that are difficult to analyze and detect. These defects include unintentional coupling effects of sensors from ambient analog signals or abnormal channels that were not intentionally designed, collectively known as "out-of-band vulnerabilities." Various security incidents have highlighted the prevalence of out-of-band vulnerabilities in IoT systems, and their activation can result in serious consequences. To address this issue, we propose a vulnerability categorization framework that includes out-of-band vulnerabilities and provides examples for each category. Our talk highlights the need to shift the research paradigm for system security to encompass both in-band and out-of-band vulnerabilities in the intelligence era. Finally, we explore potential solutions for mitigating out-of-band vulnerabilities and securing IoT devices.

Kai-Hsiang Hsu,Yu-Hsi Chiang,Hsu-Chun Hsiao

DOI: https://doi.org/10.1109/TIFS.2019.2899758

2019-03-09

Abstract:The proliferation of Internet of Things (IoT) is reshaping our lifestyle. With IoT sensors and devices communicating with each other via the Internet, people can customize automation rules to meet their needs. Unless carefully defined, however, such rules can easily become points of security failure as the number of devices and complexity of rules increase. Device owners may end up unintentionally providing access or revealing private information to unauthorized entities due to complex chain reactions among devices. Prior work on trigger-action programming either focuses on conflict resolution or usability issues, or fails to accurately and efficiently detect such attack chains. This paper explores security vulnerabilities when users have the freedom to customize automation rules using trigger-action programming. We define two broad classes of attack--privilege escalation and privacy leakage--and present a practical model-checking-based system called SAFECHAIN that detects hidden attack chains exploiting the combination of rules. Built upon existing model-checking techniques, SAFECHAIN identifies attack chains by modeling the IoT ecosystem as a Finite State Machine. To improve practicability, SAFECHAIN avoids the need to accurately model an environment by frequently re-checking the automation rules given the current states, and employs rule-aware optimizations to further reduce overhead. Our comparative analysis shows that SAFECHAIN can efficiently and accurately identify attack chains, and our prototype implementation of SAFECHAIN can verify 100 rules in less than one second with no false positives.

Cryptography and Security

Liangyu Chen,Chen Wang,Cheng Chen,Caidie Huang,Xiaohong Chen,Min Zhang

DOI: https://doi.org/10.1109/jiot.2024.3374556

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Trigger-Action Programming (TAP) is a new programming paradigm enabling end-users to customize their smart devices by defining simple trigger-action rules. While it offers appealing convenience to end-users, TAP renders devices vulnerable to operation chaos and security risk resulting from potential defects in the rules. Verifying TAP rules defined by end-users is thereby necessary to detect such vulnerabilities at the early stage. However, such rules are difficult to analyze because their executions are often device-specific and environment-driven. Existing approaches require modeling them with their host devices and running environments, which is labor-consuming and hard to be automated. Moreover, the composition of devices causes state explosion, rendering the conflict analysis time-consuming. In this paper, we first build a large corpus of TAP rules developed by end-users. Analyzing this corpus results in six types of conflicts and reveals that nearly 90% of end-users made conflicts in their customized rules, and on average, 3.7 rules contain a conflict, which concurs with the necessity of developing practical conflict analysis techniques. Empirical analysis motivates us to propose a lightweight SMT-based approach for conflict analysis from a programmatic perspective. Compared to the existing approaches, our approach does not require modeling devices; thus, it could be fully automatic and flexible in efficiently detecting various types of conflicts. We implement the approach in a tool TapChecker. We analyze 12,514 TAP rules collected from real-world TAP platforms (10,535) and laboratory experiments (1,979). Experimental results show that our approach outperforms the state-of-the-art tool regarding the number of detected conflicts and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lei Bu,Qiuping Zhang,Suwan Li,Jinglin Dai,Guangdong Bai,Kai Chen,Xuandong Li

DOI: https://doi.org/10.1145/3597926.3598084

2023-01-01

Abstract:Internet of Things (IoT) has become prevalent in various fields, especially in the context of home automation (HA). To better control HA-IoT devices, especially to integrate several devices for rich smart functionalities, trigger-action programming, such as the If This Then That (IFTTT), has become a popular paradigm. Leveraging it, novice users can easily specify their intent in applets regarding how to control a device/service through another once a specific condition is met. Nevertheless, the users may design IFTTT-style integrations inappropriately, due to lack of security experience or unawareness of the security impact of cyber-attacks against individual devices. This has caused financial loss, privacy leakage, unauthorized access and other security issues. To address these problems, this work proposes a systematic framework named MEDIC to model smart home integrations and check their security. It automatically generates models incorporating the service/device behaviors and action rules of the applets, while taking into consideration the external attacks and in-device vulnerabilities. Our approach takes around one second to complete the modeling and checking of one integration. We carried out experiments based on 200 integrations created from a user study and a dataset crawled from ifttt.com. To our great surprise, nearly 83% of these integrations have security issues.

Kulani Mahadewa,Yanjun Zhang,Guangdong Bai,Lei Bu,Zhiqiang Zuo,Dileepa Fernando,Zhenkai Liang,Jin Song Dong

DOI: https://doi.org/10.1145/3460319.3464838

2021-01-01

Abstract:With many trigger-action platforms that integrate Internet of Things (IoT) systems and online services, rich functionalities transparently connecting digital and physical worlds become easily accessible for the end users. On the other hand, such facilities incorporate multiple parties whose data control policies may radically differ and even contradict each other, and thus privacy violations may arise throughout the lifecycle (e.g., generation and transmission) of triggers and actions. In this work, we conduct an in-depth study on the privacy issues in multi-party trigger-action integration platforms (TAIPs). We first characterize privacy violations that may arise with the integration of heterogeneous systems and services. Based on this knowledge, we propose Taifu, a dynamic testing approach to identify privacy weaknesses from the TAIP. The key insight of Taifu is that the applets which actually program the trigger-action rules can be used as test cases to explore the behavior of the TAIP. We evaluate the effectiveness of our approach by applying it on the TAIPs that are built around the IFTTT platform. To our great surprise, we find that privacy violations are prevalent among them. Using the automatically generated 407 applets, each from a different TAIP, Taifu detects 194 cases with access policy breaches, 218 access control missing, 90 access revocation missing, 15 unintended flows, and 73 over-privilege access.

Nan Zhang,Soteris Demetriou,Xianghang Mi,Wenrui Diao,Kan Yuan,Peiyuan Zong,Feng Qian,XiaoFeng Wang,Kai Chen,Yuan Tian,Carl A. Gunter,Kehuan Zhang,Patrick Tague,Yue-Hsun Lin

DOI: https://doi.org/10.48550/arXiv.1703.09809

2017-03-29

Abstract:Inspired by the boom of the consumer IoT market, many device manufacturers, start-up companies and technology giants have jumped into the space. Unfortunately, the exciting utility and rapid marketization of IoT, come at the expense of privacy and security. Industry reports and academic work have revealed many attacks on IoT systems, resulting in privacy leakage, property loss and large-scale availability problems. To mitigate such threats, a few solutions have been proposed. However, it is still less clear what are the impacts they can have on the IoT ecosystem. In this work, we aim to perform a comprehensive study on reported attacks and defenses in the realm of IoT aiming to find out what we know, where the current studies fall short and how to move forward. To this end, we first build a toolkit that searches through massive amount of online data using semantic analysis to identify over 3000 IoT-related articles. Further, by clustering such collected data using machine learning technologies, we are able to compare academic views with the findings from industry and other sources, in an attempt to understand the gaps between them, the trend of the IoT security risks and new problems that need further attention. We systemize this process, by proposing a taxonomy for the IoT ecosystem and organizing IoT security into five problem areas. We use this taxonomy as a beacon to assess each IoT work across a number of properties we define. Our assessment reveals that relevant security and privacy problems are far from solved. We discuss how each proposed solution can be applied to a problem area and highlight their strengths, assumptions and constraints. We stress the need for a security framework for IoT vendors and discuss the trend of shifting security liability to external or centralized entities. We also identify open research problems and provide suggestions towards a secure IoT ecosystem.

Cryptography and Security

Zhibo Wang,Defang Liu,Yunan Sun,Xiaoyi Pang,Peng Sun,Feng Lin,John C. S. Lui,Kui Ren

DOI: https://doi.org/10.1109/comst.2022.3201557

IF: 35.6

2022-01-01

IEEE Communications Surveys & Tutorials

Abstract:With recent advances in communication technologies and Internet of Things (IoT) infrastructures, home automation (HA) systems have emerged as a new promising paradigm that provides convenient smart-home services to users. However, there exist various security risks during the deployment and application of HA systems, which pose severe security threats to users. On the one hand, traditional IoT security threats (e.g., device intrusion, protocol vulnerabilities, and so on) are inherent to HA systems. On the other hand, as the core of HA systems, the Trigger-Action Programming (TAP) model organizes cloud platforms, local hubs, and smart devices through user-customized rules, but the complex interactions involved bring new challenges to the security of HA systems. These two kinds of security issues have attracted widespread attention from both academia and industry, and explorations on both attack and defense have been made. However, there is not yet a survey that provides a summary of the overall HA systems’ security research. In this paper, we conduct a comprehensive survey of the state-of-the-art literature on HA system security from aspects of attack and defense. We first give a brief introduction to the HA system architecture and present a general workflow of HA systems. Then, we review and classify the relevant attacks based on the HA architecture, with an explicit analysis of vulnerabilities exploited by these attacks. We further elaborate on the security requirements of HA systems and provide detailed descriptions and comparisons of existing defenses methods. Finally, we conclude with a thorough discussion of open issues for future research.

Ziming Wang,Bingkun Sun,Liwei Shen,Xin Peng

DOI: https://doi.org/10.1145/3543507.3583293

2023-04-30

Abstract:The physical world we live in is accelerating digitalization with the vigorous development of Internet of Things (IoT). Following this trend, Web of Things (WoT) further enables fast and efficient creation of various applications that perceive and act on the physical world using standard Web technologies. A popular way for creating WoT applications is Trigger-Action Programming (TAP), which allows users to orchestrate the capabilities of IoT devices in the form of “if trigger, then action”. However, existing TAP approaches don’t support scenario-centric WoT applications which involve abstract modeling of physical environments and complex spatio-temporal dependencies between events and actions. In this paper, we propose an approach called SCTAP which supports Scenario-Centric Trigger-Action Programming based on software-defined physical environments. SCTAP defines a structured and conceptual representation for physical environments, which provides the required programming abstractions for WoT applications. Based on the representation, SCTAP defines a grammar for specifying scenario-centric WoT applications with spatio-temporal dependencies. Furthermore, we design a service-based architecture for SCTAP which supports the integration of device access, event perception, environment representation, and rule execution in a loosely-coupled and extensible way. We implement SCTAP as a WoT infrastructure and evaluate it with two case studies including a smart laboratory and a smart coffee house. The results confirm the usability, feasibility and efficiency of SCTAP and its implementation.

Environmental Science,Engineering,Computer Science

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

Jiahui Xiang,Lirong Fu,Tong Ye,Peiyu Liu,Huan Le,Liming Zhu,Wenhai Wang

DOI: https://doi.org/10.1109/jiot.2024.3490661

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The diversity of web configuration interfaces for IoT devices has exacerbated issues such as inadequate permission controls and insecure interfaces, resulting in various vulnerabilities. Owing to the varying interface configurations across various devices, the existing methods are inadequate for identifying these vulnerabilities precisely and comprehensively. This study addresses these issues by introducing an automated vulnerability detection system, called LuaTaint. It is designed for the commonly used web configuration interface of IoT devices. LuaTaint combines static taint analysis with a large language model (LLM) to achieve widespread and high-precision detection. The extensive traversal of the static analysis ensures the comprehensiveness of the detection. The system also incorporates rules related to page handler control logic within the taint detection process to enhance its precision and extensibility. Moreover, we leverage the prodigious abilities of LLM for code analysis tasks. By utilizing LLM in the process of pruning false alarms, the precision of LuaTaint is enhanced while significantly reducing its dependence on manual analysis. We develop a prototype of LuaTaint and evaluate it using 2,447 IoT firmware samples from 11 renowned vendors. LuaTaint has discovered 111 vulnerabilities. Moreover, LuaTaint exhibits a vulnerability detection precision rate of up to 89.29

Libo Chen,Yanhao Wang,Quanpu Cai,Yunfan Zhan,Hong Hu,Jiaqi Linghu,Qinsheng Hou,Chao Zhang,Haixin Duan,Zhi Xue

2021-01-01

Abstract:IoT devices have brought invaluable convenience to our daily life. However, their pervasiveness also amplifies the impact of security vulnerabilities. Many popular vulnerabilities of embedded systems reside in their vulnerable web services. Unfortunately, existing vulnerability detection methods cannot effectively nor efficiently analyze such web services: they either introduce heavy execution overheads or have many false positives and false negatives. In this paper, we propose a novel static taint checking solution, SaTC, to effectively detect security vulnerabilities in web services provided by embedded devices. Our key insight is that, string literals on web interfaces are commonly shared between front-end files and back-end binaries to encode user input. We thus extract such common keywords from the frontend, and use them to locate reference points in the back-end, which indicate the input entry. Then, we apply targeted dataflow analysis to accurately detect dangerous uses of the untrusted user input. We implemented a prototype of SaTC and evaluated it on 39 embedded system firmwares from six popular vendors. SaTC discovered 33 unknown bugs, of which 30 are confirmed by CVE/CNVD/PSV. Compared to the state-ofthe-art tool KARONTE, SaTC found significantly more bugs on the test set. It shows that, SaTC is effective in discovering bugs in embedded systems.

Will Brackenbury,Abhimanyu Deora,Jillian Ritchey,Jason Vallee,Weijia He,Guan Wang,Michael L. Littman,Blase Ur

DOI: https://doi.org/10.1145/3290605.3300782

2019-01-01

Abstract:Trigger-action programming (TAP) is a programming model enabling users to connect services and devices by writing if-then rules. As such systems are deployed in increasingly complex scenarios, users must be able to identify programming bugs and reason about how to fix them. We first systematize the temporal paradigms through which TAP systems could express rules. We then identify ten classes of TAP programming bugs related to control flow, timing, and inaccurate user expectations. We report on a 153-participant online study where participants were assigned to a temporal paradigm and shown a series of pre-written TAP rules. Half of the rules exhibited bugs from our ten bug classes. For most of the bug classes, we found that the presence of a bug made it harder for participants to correctly predict the behavior of the rule. Our findings suggest directions for better supporting end-user programmers.

Bing Huang,Chen Chen,Kwok-Yan Lam,Fuqun Huang

2024-06-06

Abstract:Emerging Internet of Things (IoT) platforms provide sophisticated capabilities to automate IoT services by enabling occupants to create trigger-action rules. Multiple trigger-action rules can physically interact with each other via shared environment channels, such as temperature, humidity, and illumination. We refer to inter-rule interactions via shared environment channels as a physical inter-rule vulnerability. Such vulnerability can be exploited by attackers to launch attacks against IoT systems. We propose a new framework to proactively discover possible physical inter-rule interactions from user requirement specifications (i.e., descriptions) using a deep learning approach. Specifically, we utilize the Transformer model to generate trigger-action rules from their associated descriptions. We discover two types of physical inter-rule vulnerabilities and determine associated environment channels using natural language processing (NLP) tools. Given the extracted trigger-action rules and associated environment channels, an approach is proposed to identify hidden physical inter-rule vulnerabilities among them. Our experiment on 27983 IFTTT style rules shows that the Transformer can successfully extract trigger-action rules from descriptions with 95.22% accuracy. We also validate the effectiveness of our approach on 60 SmartThings official IoT apps and discover 99 possible physical inter-rule vulnerabilities.

Cryptography and Security,Artificial Intelligence

Haotian Chi,Qiang Zeng,Xiaojiang Du,Jiaping Yu

DOI: https://doi.org/10.48550/arXiv.1808.02125

2021-01-24

Abstract:A number of Internet of Things (IoTs) platforms have emerged to enable various IoT apps developed by third-party developers to automate smart homes. Prior research mostly concerns the overprivilege problem in the permission model. Our work, however, reveals that even IoT apps that follow the principle of least privilege, when they interplay, can cause unique types of threats, named Cross-App Interference (CAI) threats. We describe and categorize the new threats, showing that unexpected automation, security and privacy issues may be caused by such threats, which cannot be handled by existing IoT security mechanisms. To address this problem, we present HOMEGUARD, a system for appified IoT platforms to detect and cope with CAI threats. A symbolic executor module is built to precisely extract the automation semantics from IoT apps. The semantics of different IoT apps are then considered collectively to evaluate their interplay and discover CAI threats systematically. A user interface is presented to users during IoT app installation, interpreting the discovered threats to help them make decisions. We evaluate HOMEGUARD via a proof-of-concept implementation on Samsung SmartThings and discover many threat instances among apps in the SmartThings public repository. The evaluation shows that it is precise, effective and efficient.

Cryptography and Security

Leonardo Babun,Z. Berkay Celik,Patrick McDaniel,A. Selcuk Uluagac

DOI: https://doi.org/10.2478/popets-2021-0009

2020-11-09

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Abstract: Users trust IoT apps to control and automate their smart devices. These apps necessarily have access to sensitive data to implement their functionality. However, users lack visibility into how their sensitive data is used, and often blindly trust the app developers. In this paper, we present IoTWATcH, a dynamic analysis tool that uncovers the privacy risks of IoT apps in real-time. We have designed and built IoTWATcH through a comprehensive IoT privacy survey addressing the privacy needs of users. IoTWATCH operates in four phases: (a) it provides users with an interface to specify their privacy preferences at app install time, (b) it adds extra logic to an app’s source code to collect both IoT data and their recipients at runtime, (c) it uses Natural Language Processing (NLP) techniques to construct a model that classifies IoT app data into intuitive privacy labels, and (d) it informs the users when their preferences do not match the privacy labels, exposing sensitive data leaks to users. We implemented and evaluated IoTWATcH on real IoT applications. Specifically, we analyzed 540 IoT apps to train the NLP model and evaluate its effectiveness. IoTWATcH yields an average 94.25% accuracy in classifying IoT app data into privacy labels with only 105 ms additional latency to an app’s execution.

Jiahui Xiang,Wenhai Wang,Tong Ye,Peiyu Liu

2024-02-25

Abstract:IoT devices are currently facing continuous malicious attacks due to their widespread use. Among these IoT devices, web vulnerabilities are also widely exploited because of their inherent characteristics, such as improper permission controls and insecure interfaces. Recently, the embedded system web interface framework has become highly diverse, and specific vulnerabilities can arise if developers forget to detect user input parameters or if the detection process is not strict enough. Therefore, discovering vulnerabilities in the web interfaces of IoT devices accurately and comprehensively through an automated method is a major challenge. This paper aims to work out the challenge. We have developed an automated vulnerability detection system called LuaTaint for the typical web interface framework, LuCI. The system employs static taint analysis to address web security issues on mobile terminal platforms to ensure detection coverage. It integrates rules pertaining to page handler control logic within the taint detection process to improve its extensibility. We also implemented a post-processing step with the assistance of large language models to enhance accuracy and reduce the need for manual analysis. We have created a prototype of LuaTaint and tested it on 92 IoT firmwares from 8 well-known vendors. LuaTaint has discovered 68 unknown vulnerabilities.

Cryptography and Security,Software Engineering