Large-Scale Fuzzing of Embedded Web Interfaces

Abstract

Every day IoT is being used more and more, they connect from our fridge to our security cameras. Recent studies have showed that they are a huge security hole, especially the web interfaces. Web interfaces are really difficult to secure, as there still aren’t any specific guidelines on how to completely secure them. In this thesis we investigate the efficiency of an unexplored method when trying to emulate these web interfaces. Instead of emulating the whole operating system we try to extract the necessary files and serve the web page using a Docker container. We present the hurdles that we have had to jump and the ones we have not been able to. And finally we present why this method is not recommended when trying to create a large-scale fuzzing framework.

Publication
TU Wien