AFLIoT: Fuzzing on linux-based IoT device with binary-level instrumentation

Xuechao Du, Andong Chen, Boyuan He, Hao Chen, Fan Zhang*, Yan Chen

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


In recent years, coverage-guided greybox fuzzing has demonstrated its efficiency in detecting security vulnerabilities on traditional devices. Instrumentation information plays a significant role in sophisticated greybox fuzzer such as American Fuzzing Lop to directionally improve coverage and distill seeds. While open-source programs leverage wrapped assemblers to glean instrumentation information, closed-source programs can utilize the emulation-based instrumentation for coverage-guided fuzzing. The pervasiveness of the closed source puts a strong demand for emulation instrumentation. However, the required access to peripherals brings great difficulty in fuzzing on the emulator, especially for those various IoT devices. This paper presents AFLIoT, the first generic on-device fuzzing framework for Linux-based IoT binary programs. By leveraging offset-free binary-level instrumentation, binary programs can avoid unnecessarily rewriting, inherit compatibility of peripherals, and be executed directly on IoT devices by AFLIoT. We evaluate AFLIoT on multiple benchmarks with real-world IoT programs. AFLIoT identified 437 unique crashes in 13 binary programs, including 95 newly confirmed unique crashes. Those crashes demonstrate that AFLIoT is efficient and effective in detecting potential software bugs in binary programs on Linux-based IoT devices.

Original languageEnglish (US)
Article number102889
JournalComputers and Security
StatePublished - Nov 2022


  • Binary-level
  • Daemon analysis
  • Greybox fuzzing
  • Internet of things
  • On-device

ASJC Scopus subject areas

  • Computer Science(all)
  • Law


Dive into the research topics of 'AFLIoT: Fuzzing on linux-based IoT device with binary-level instrumentation'. Together they form a unique fingerprint.

Cite this