Daojing He,Xiaohu Yu,Tinghui Li,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2022.3152364

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:With the wide application of Internet of Things (IoT) devices, security attacks against their firmware often occur, which has attracted more attention from the research community. Firmware is an important part of IoT devices, and attacks against them is one of the main means to destroy them. Therefore, firmware security is considered a core of the overall devices’ security. At present, most of the firmware vulnerabilities have a small number of related samples, so it is difficult to use machine learning methods to generate detectors for some of them. Therefore, based on the collected data of related firmware vulnerabilities, this article proposes a firmware vulnerability homology detection method based on the clonal selection algorithm. We design the numerical and structural characteristics of vulnerability functions, train a detector for each function separately, and improve the recall rate of vulnerability detection. Compared with existing machine learning methods, this method only depends on the affinity between the objective function and the detector, which avoids the requirement of a large number of sample data sets. Finally, relevant experiments are carried out to verify the effectiveness of the method.

Song Yan,Wang Binbin,Yu Xiaohu,Li Tinghui,Zhu Shanshan,He Daojing,Yang Guisong,Chan Sammy

DOI: https://doi.org/10.1109/DSC53577.2021.00088

2021-01-01

Abstract:In recent years, Internet of Things (IoT) devices have received extensive attention and can be seen everywhere in daily life. Attacks against firmware vulnerabilities are becoming more and more frequent. Homology analysis technology is a hot topic in recent years. Firmware vulnerability analysis based on homology analysis can classify the firmware of different versions or even different devices, and detect the vulnerabilities in the firmware by detecting the homology of the open source library. This paper provides a literature review of firmware homology detection. Firstly, the background of firmware vulnerability analysis and the research status of homology detection at home and abroad are briefly introduced. Then, under the source code based homology analysis technology, according to whether it chooses to use the intermediate form to explain the source code and the different intermediate forms, three different homology analysis technologies based on text, token and structure are divided, and the three technologies are compared horizontally. Then, in the non source code based homology analysis technology, the overall process of homology detection based on binary files is introduced, as well as the main technologies such as byte stream comparison and reverse analysis. Finally, various homology analysis methods are analyzed and compared from the aspects of efficiency and accuracy, and the research focus and direction in this field are summarized and prospected.

Daojing He,Hongjie Gu,Tinghui Li,Yongliang Du,Xiaolei Wang,Sencun Zhu,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.011.2000450

IF: 10.294

2021-03-01

IEEE Network

Abstract:IoT devices are becoming increasingly ubiquitous because they have greatly simplified many aspects of our daily life and our work. However, most firmware in these embedded devices carry various security vulnerabilities, such as hard-cod-ed passwords, cryptographic keys, insecure configurations and backdoors. Recent large-scale attacks have demonstrated that the security vulnerabilities in IoT firmware have posed a severe threat to the Internet infrastructure. In this work, we design a hybrid platform to detect vulnerabilities in IoT firmware, which integrates both offline static detection and online dynamic detection. Our evaluation on real IoT devices shows that the proposed platform can effectively identify various security weaknesses and risks in firmware, such as dangerous processes, exploitable vulnerabilities, and other attack surfaces.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yisen Wang,Jianjing Shen,Jian Lin,Rui Lou

DOI: https://doi.org/10.1109/access.2019.2893733

IF: 3.9

2019-01-01

IEEE Access

Abstract:The security situation of the Internet of Things (IoT) is more serious than ever, and there is an urgent need to detect and patch device vulnerability rapidly. With the astronomical numbers of IoT devices, it is very difficult to execute regular security inspections. Existing vulnerability detection technology based on simple feature matching cannot reach high accuracy to detect firmware vulnerabilities while using a control flow graph matching directly has proven to be too expensive. To address the problem of accurate and efficient, we present a method of staged firmware vulnerability detection based on code similarity. The first stage, function embedding based on neural network is used to analyze the similarities among functions, and large-scale firmware security inspection can be achieved efficiently. The second stage, the similarity among function local call flow graphs is calculated for fine-grained firmware security analysis, and this stage can improve the accuracy of vulnerability detection. We compared our method with state-of-the-art approaches, and the experimental results demonstrate that our method is more accurate. The average retraining time of our method is 1 h, and the real-world firmware vulnerability detection experiment of our method demonstrates that the true positive rate of the top 30 is as high as 86%.

Wei Xie,Yikun Jiang,Yong Tang,Yuanming Gao,Ning Ding

DOI: https://doi.org/10.1109/icpads.2017.00104

2017-01-01

Abstract:With the development of Internet of Things(IoT), more and more smart devices are connected into the Internet. The security and privacy issues of IoT devices have received increasingly academic and industrial attentions. Vulnerability detection is the key technology to protect IoT devices from zeroday attacks. However, traditional methods and tools of vulnerability detection cannot be directly used in analyzing IoT firmware. This paper firstly reviews related works on vulnerability detection in IoT firmware, previous researches are classified into four types i.e. static analysis, symbolic execution, fuzzing on emulators and comprehensive testing. Then, this paper points out that the specificity of vulnerability detection in IoT firmware is to detect logical flaws in embedded binaries which are built on the MIPS architecture. Finally, this paper proposes a method based on fuzzing and static analysis to detect authentication bypass flaws in IoT embedded binary servers. The proposed method is proved to be effective by verifying known CVEs as well as discovering unknown ones.

Yikun Jiang,Wei Xie,Yong Tang

DOI: https://doi.org/10.1145/3290480.3290491

2018-01-01

Abstract:With the rapid development of network and communication technologies, everything is able to be connected to the Internet. IoT devices, which include home routers, IP cameras, wireless printers and so on, are crucial parts facilitating to build pervasive and ubiquitous networks. As the number of IoT devices around the world increases, the security issues become more and more serious. To handle with the security issues and protect the IoT devices from being compromised, the firmware of devices needs to be strengthened by discovering and repairing vulnerabilities. Current vulnerability detection tools can only help strengthening traditional software, nevertheless these tools are not practical enough for IoT device firmware, because of the peculiarity in firmware's structure and embedded device's architecture. Therefore, new vulnerability detection framework is required for analyzing IoT device firmware. This paper reviews related works on vulnerability detection in IoT firmware, proposes and implements a framework to automatically detect authentication-bypass flaws in a large scale of Linux-based firmware. The proposed framework is evaluated with a data set of 2351 firmware images from several target vendors, which is proved to be capable of performing large-scale and automated analysis on firmware, and 1 known and 10 unknown authentication-bypass flaws are found by the analysis.

Peng Liu,Yasu Cao,Yujun Yan,Yong Wang

DOI: https://doi.org/10.1109/access.2024.3378533

IF: 3.9

2024-03-27

IEEE Access

Abstract:With the continuous improvement of Internet of Things technology, Internet of Things devices are gradually popularized in people's lives and work, bringing convenience to people, but also there are many security risks. There are more and more types of attacks on IoT devices, and the security of their firmware has become a focus of attention. Aiming at firmware vulnerabilities in devices, a firmware vulnerability detection algorithm based on pattern-specific features and structural features is proposed in this study. The algorithm uses the two-stage method to filter and match the functions precisely, so as to find the functions matching the vulnerability functions. By reducing the local call graph from five layers to three layers, the algorithm operation and detection efficiency are improved, and the accurate matching method of weighted three-layer local call graph is implemented. The experimental results showed that the Top1 index value of the five-layer local call graph ranges from 81.99 to 90.19. The indexes of control flow chart and attribute control flow chart fluctuated greatly, ranging from 61.57 to 91.08 and 54.62 to 87.55, respectively. The Top1 index value of the weighted three-layer local call graph increased by 3.73%, and the average increased by 1.47%, indicating a significant improvement in the whole. It can be concluded that the firmware vulnerability detection algorithm based on the matching of pattern-specific numerical features and structural features can effectively find the function that actually matches the vulnerability function, and improve the efficiency of firmware vulnerability detection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yifei Xu,Ting Liu,Pengfei Liu,Hong Sun

DOI: https://doi.org/10.1109/CNS.2018.8433163

2018-01-01

Abstract:The firmware vulnerability is one of the most serious threats for Internet-of-Things (IoT) security. However, it is hard to investigate firmware, due to the lack of source code and the complicated structure. In this paper, a searchbased firmware code analysis method is proposed to associate the program functionalities with the assembly code. In the experiment, the firmware of Siemens PAC4200 power meter is selected to demonstrate how to search the assembly code of device information interface. Moreover, one vulnerability of this interface is shown, which would be exploited to manipulate the data of device.

Yisen Wang,Ruimin Wang,Jing,Huanwei Wang

DOI: https://doi.org/10.1371/journal.pone.0245098

IF: 3.7

2021-01-01

PLoS ONE

Abstract:The rapid expansion of the open-source community has shortened the software development cycle, but the spread of vulnerabilities has been accelerated, especially in the field of the Internet of Things. In recent years, the frequency of attacks against connected devices is increasing exponentially; thus, the vulnerabilities are more serious in nature. The state-of-the-art firmware security inspection technologies, such as methods based on machine learning and graph theory, find similar applications depending on the known vulnerabilities but cannot do anything without detailed information about the vulnerabilities. Moreover, model training, which is necessary for the machine learning technologies, requires a significant amount of time and data, resulting in low efficiency and poor extensibility. Aiming at the above shortcomings, a high-efficiency similarity analysis approach for firmware code is proposed in this study. First, the function control flow features and data flow features are extracted from the functions of the firmware and of the vulnerabilities, and the features are used to calculate the SimHash of the functions. The mass storage and fast query capabilities of the SimHash are implemented by the pigeonhole principle. Second, the similarity function pairs are analyzed in detail within and among the basic blocks. Within the basic blocks, the symbolic execution is used to generate the basic block semantic information, and the constraint solver is used to determine the semantic equivalence. Among the basic blocks, the local control flow graphs are analyzed to obtain their similarity. Then, we implemented a prototype and present the evaluation. The evaluation results demonstrate that the proposed approach can implement large-scale firmware function similarity analysis. It can also get the location of the real-world firmware patch without vulnerability function information. Finally, we compare our method with existing methods. The comparison results demonstrate that our method is more efficient and accurate than the Gemini and StagedMethod. More than 90% of the firmware functions can be indexed within 0.1 s, while the search time of 100,000 firmware functions is less than 2 s.

Zicong Gao,Chao Zhang,Hangtian Liu,Wenhou Sun,Zhizhuo Tang,Liehui Jiang,Jianjun Chen,Yong Xie

DOI: https://doi.org/10.14722/ndss.2024.24346

2024-01-01

Abstract:IoT devices are often found vulnerable, i.e., untrusted inputs may trigger potential vulnerabilities and flow to sensitive operations in the firmware, which could cause severe damage.As such vulnerabilities are in general taint-style, a promising solution to find them is static taint analysis.However, existing solutions have limited efficiency and effectiveness.In this paper, we propose a new efficient and effective taint analysis solution, namely HermeScan, to discover such vulnerabilities, which utilizes reaching definition analysis (RDA) to conduct taint analysis and gets much fewer false negatives, false positives, and time costs.We have implemented a prototype of HermeScan and conducted a thorough evaluation on two datasets, i.e., one 0-day dataset with 30 latest firmware and one N-day dataset with 98 older firmware, and compared with two state-of-theart (SOTA) solutions, i.e., KARONTE and SaTC.In terms of effectiveness, HermeScan, SaTC, and KARONTE find 163, 32, and 0 vulnerabilities in the 0-day dataset respectively.In terms of accuracy, the true positive rates of HermeScan, SaTC, and KARONTE are 81%, 42%, and 0% in the 0-day dataset.In terms of efficiency, HermeScan is 7.5X and 3.8X faster than SaTC and KARONTE on average in finding 0-day vulnerabilities.

Bo Yu,Ying Zhang,Yongyi Zhang,Qiang Yang

DOI: https://doi.org/10.1109/GLOBECOM54140.2023.10437669

2023-01-01

Abstract:With the development and widespread application of IoT technology, the impact of N-day vulnerabilities on IoT firmware has become increasingly serious. Detection technology for IoT firmware vulnerabilities plays an increasingly important role in IoT security. However, existing approaches for firmware vulnerability detection did not consider the issue of vulnerabilities between components, which are introduced in a supply chain's business process, such as library reuse and collaboration development. Meanwhile, they did not consider the component changes across the evolution of firmware versions, which is not conducive to analysts timely patching and managing vulnerable components, resulting in the duplication of analysis of components and inefficient analysis. Thus, feasible methods for analysing version evolution and discovering component vulnerabilities are urgently needed. In this paper, we design and implement FirmVEA, which discovers IOT component vulnerabilities via version evolution analysis. To evaluate our approach, we collect 10161 real-world firmware with 1053 firmware components (shortened as FC) from 11 different vendors, which cover various architectures such as MIPS, ARM, X86, PowerPC, and various OSs such as Linux, and FreeBSD (32/64-bit). The experiments show that FirmVEA can analyze the relationship between complex components, expose components and vulnerabilities change in adjacent firmware versions, and is on average 10 times more efficient than the state-of-the-art tool FACT while ensuring no loss of accuracy, making it suitable for large-scale IoT firmware N-day vulnerability analysis.

Yinfeng Han,Peng Wang,Chaoqun Kang,Jiayin Lin,Wei Fan

DOI: https://doi.org/10.1016/j.heliyon.2024.e31846

IF: 3.776

2024-05-29

Heliyon

Abstract:The Internet of Things communication protocol is prone to security vulnerabilities when facing increasing types and scales of network attacks, which can affect the communication security of the Internet of Things. It is crucial to effectively detect these vulnerabilities in order to improve the security of IoT communication protocols and promptly fix them. Therefore, this study proposes a distributed IoT communication protocol vulnerability detection method based on an improved parallelized fuzzy testing algorithm. Firstly, based on design principles and by comparing different communication protocols, a communication architecture for the distribution network's Internet of Things was constructed, and the communication protocols were formalized and decomposed. Next, preprocess the vulnerability detection samples, and then use genetic algorithm to improve the parallelized fuzzy testing algorithm to perform vulnerability detection. Through this improved algorithm, the missed detection rate and false detection rate can be effectively reduced, thereby improving the security of IoT communication protocols. The experimental results show that the highest missed detection rate of this method is only 4.0 %, and the false detection rate is low, with high detection efficiency. This indicates that the method has good performance and reliability in detecting vulnerabilities in IoT communication protocols.

Xinbo Ban,Ming Ding,Shigang Liu,Chao Chen,Jun Zhang

DOI: https://doi.org/10.1007/978-3-031-23020-2_15

2022-01-01

Abstract:The introduction of the Internet of Things (IoT) ecosystem into public and private sectors has markedly changed the way people live, work, and entertain through integrating the digital system with the physical world. However, the production of new scenarios and architectures in IoT ecosystems introduces previously unknown security threats due to the vulnerabilities in the IoT software. Since various vulnerabilities lead to unexpected consequences in different parts of the IoT ecosystem, we propose 'security domain' to categorize the origin of the threats properly, including 'physical device', 'operation rule', and 'communication'. The research community has conducted a significant amount of work in the area of vulnerability discovery by utilizing 'code intelligence', representing code analysis techniques based on different types of code. With the focus on the security domains, we review recent representative work published in the dominant time to investigate the emerging research. Also, we summarize the research methodology commonly adopted in this fast-growing area. In consonance with the phases of the research methodology, each paper that discovers IoT vulnerabilities is comprehensively studied. Challenges and future work in this area have been discussed as well.

YongLe Chen,Feng Ma,Ying Zhang,YongZhong He,Haining Wang,Qiang Li

2024-06-18

Abstract:The Internet of Things (IoT) has become indispensable to our daily lives and work. Unfortunately, developers often reuse software libraries in the IoT firmware, leading to a major security concern. If vulnerabilities or insecure versions of these libraries go unpatched, a massive number of IoT devices can be impacted. In this paper, we propose the AutoFirm, an automated tool for detecting reused libraries in IoT firmware at a large scale. Specifically, AutoFirm leverages the syntax information (library name and version) to determine whether IoT firmware reuses the libraries. We conduct a large-scale empirical study of reused libraries of IoT firmware, investigating more than 6,900+ firmware and 2,700+ distinct vulnerabilities affecting 11,300+ vulnerable versions from 349 open-source software libraries. Leveraging this diverse information set, we conduct a qualitative assessment of vulnerable library versions to understand security gaps and the misplaced trust of libraries in IoT firmware. Our research reveals that: manufacturers neglected to update outdated libraries for IoT firmware in 67.3\% of cases; on average, outdated libraries persisted for over 1.34 years prior to remediation; vulnerabilities of software libraries have posed server threats to widespread IoT devices.

Cryptography and Security,Software Engineering

Shen Quanjiang,Song Yan,Yu Xiaohu,Li Tinghui,He Daojing,Yang Guisong

DOI: https://doi.org/10.1109/ICCECE51280.2021.9342303

2021-01-01

Abstract:In recent years, Internet of things security incidents occur frequently, which has threatened the stability of the country, society and personal privacy. As the core of Internet of things equipment system, the security of firmware is very important. In order to design a more reasonable and effective firmware security detection method, the firmware needs to be analyzed in detail. This paper describes the security objectives of firmware from three aspects of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out relevant verification experiments for each attack surface. In order to solve the tedious steps of firmware format identification, unpacking and key information extraction in the process of large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.

Mingshu He,Yuanming Huang,Xinlei Wang,Peng Wei,Xiaojuan Wang

DOI: https://doi.org/10.1109/jiot.2023.3294259

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:IoT devices have been widely used in many fields, bringing many conveniences to people’s life. With the massive deployment and application of IoT devices, how to maintain the IoT from cyber-attacks has become one of the major concerns of researchers. Due to IoT devices’ limited computational capabilities and storage resources, IoT usually does not have sufficient security defense mechanisms, making it vulnerable to malware or device attacks. However, existing IoT-oriented intrusion detection systems usually only support the detection of specific malicious attacks or require complex models and massive computational resources to obtain high detection accuracy. We propose a lightweight and efficient intrusion detection method based on feature grouping to address the above challenges. We first design a fast protocol parsing method on the raw Packet Capture files to generate semantic-level parsing features. Then, we propose session merging and feature grouping methods. Finally, we verify the proposed features’ effectiveness and analyze the malicious attacks’ working process. The proposed method achieves more than 99.5% classification accuracy on three public IoT datasets. The proposed method requires significantly fewer computational resources than baseline methods in the protocol parsing and model training process. Experimental results show that the proposed method is lightweight, efficient, and extensible. Therefore, the proposed method is suitable for IoT intrusion detection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lingyun Situ,Chi Zhang,Le Guan,Zhiqiang Zuo,Linzhang Wang,Xuandong Li,Peng Liu,Jin Shi

DOI: https://doi.org/10.1109/jiot.2023.3303780

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the rapid expansion of the Internet of Things, a vast number of microcontroller-based IoT devices are now susceptible to attacks through the Internet. Vulnerabilities within the firmware are one of the most important attack surfaces. Fuzzing has emerged as one of the most effective techniques for identifying such vulnerabilities. However, when applied to IoT firmware, several challenges arise, including: (1) the inability of firmware to execute properly in the absence of peripherals, (2) the lack of support for exploring input spaces of multiple peripherals, (3) difficulties in instrumenting and gathering feedback, and (4) the absence of a fault detection mechanism. To address these challenges, we have developed and implemented an innovative peripheral-independent hybrid fuzzing tool called . This tool enables testing of microcontroller-based firmware without reliance on specific peripheral hardware. First, a unified virtual peripheral was integrated to model the behaviors of various peripherals, thus enabling the physical devices-agnostic firmware execution. Then, a hybrid event generation approach was used to generate inputs for different peripheral accesses. Furthermore, two-level coverage feedback was collected to optimize the testcase generation. Finally, a plugin-based fault detection mechanism was implemented to identify typical memory corruption vulnerabilities. A Large-scale experimental evaluation has been performed to show ’s effectiveness and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongyi Zhang,Bo Yu,Lei Zhou,Qiang Yang

DOI: https://doi.org/10.1145/3689236.3689262

2024-01-01

Abstract:With the development of Internet of Things (IoT) technology, the number and complexity of IoT devices have increased rapidly. As the basic enabling software of IoT devices, firmware provides rich functions such as communication, collection and management. Nevertheless, developers do not fully consider security when developing firmware, leaving the firmware vulnerable to exploitation by malware. IoT firmware security analysis has become the focus of research. However, existing works for the security of firmware pay less attention to nested third-party components (TPCs) including the TPCs directly and indirectly referenced. Meanwhile, these works lack a quantitatively analysis of the complexity brought by TPCs to firmware. In this paper, we propose a nested TPCs identification method and introduce firmware complexity metric at the firmware supply chain level. Then, we propose FirmRadar to automatically and comprehensively analyze IoT firmware characterization, including basic information, TPC characterization, CVE characterization and firmware complexity metric. Based on FirmRadar, we conduct a large-scale analysis of 11,988 firmware from 14 vendors. We successfully identify 5,365 TPCs and detect 516,280 potential vulnerabilities caused by 590 CVEs. We further find that although firmware may reference a large number of TPCs, most of the vulnerabilities are concentrated on a few TPCs. Moreover, by analyzing the nested TPCs in firmware, we discover that the number of TPCs directly referenced is less than the number of TPCs indirectly referenced. Finally, we quantitatively analyze firmware complexity metric of each vendor and find that the firmware referencing more TPCs and TPCs functions does not always contain more vulnerabilities.

Chi Zhang,Yu Wang,Linzhang Wang

DOI: https://doi.org/10.1145/3457913.3457934

2021-01-01

Abstract:Background: Firmware is the enable software of Internet of Things (IoT) devices, and its software vulnerabilities are one of the primary reason of IoT devices being exploited. Due to the limited resources of IoT devices, it is impractical to deploy sophisticated run-time protection techniques. Under an insecure network environment, when a firmware is exploited, it may lead to denial of service, information disclosure, elevation of privilege, or even life-threatening. Therefore, firmware vulnerability detection by fuzzing has become the key to ensure the security of IoT devices, and has also become a hot topic in academic and industrial research. With the rapid growth of the existing IoT devices, the size and complexity of firmware, the variety of firmware types, and the firmware defects, existing IoT firmware fuzzing methods face challenges. Objective: This paper summarizes the typical types of IoT firmware fuzzing methods, analyzes the contribution of these works, and summarizes the shortcomings of existing fuzzing methods. Method: We design several research questions, extract keywords from the research questions, then use the keywords to search for related literature. Result: We divide the existing firmware fuzzing work into real-device-based fuzzing and simulation-based fuzzing according to the firmware execution environment, and simulation-based fuzzing is the mainstream in the future; we found that the main types of vulnerabilities targeted by existing fuzzing methods are memory corruption vulnerabilities; firmware fuzzing faces more difficulties than ordinary software fuzzing. Conclusion: Through the analysis of the advantages and disadvantages of different methods, this review provides guidance for further improving the performance of fuzzing techniques, and proposes several recommendations from the findings of this review.

Jian Gao,Xin Yang,Yu Jiang,Houbing Song,Kim-Kwang Raymond Choo,Jiaguang Sun

DOI: https://doi.org/10.1109/tii.2019.2947432

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:The rapid development of Internet of Things (IoT) has triggered more security requirements than ever, especially in detecting vulnerabilities in various IoT devices. The widely used clone-based vulnerability search methods are effective on source code; however, their performance is limited in IoT binary search. In this article, we present IoTSeeker, a function semantic learning based vulnerability search approach for cross-platform IoT binary. First, we construct the function semantic graph to capture both the data flow and control flow information and encode lightweight semantic features of each basic block within the semantic graph as numerical vectors. Then, the embedding vector of the whole binary function is generated by feeding the numerical vectors of basic blocks to our customized semantics aware neural network model. Finally, the cosine distance of two embedding vectors is calculated to determine whether a binary function contains a known vulnerability. The experiments show that IoTSeeker outperforms the state-of-the-art approaches for identifying cross-platform IoT binary vulnerabilities. For example, compared to Gemini, IoTSeeker finds 12.68% more vulnerabilities in the top-50 candidates, and improves the value of AUC for 8.23%.