Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
Asmita, Yaroslav Oliinyk, Michael Scott, Ryan Tsang
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
This talk, presented by Asmita and her collaborators from NetRise, covers new approaches to making fuzzing of embedded systems more effective, specifically targeting **BusyBox**. The research introduces two primary techniques: using **Large Language Models (LLMs)** to generate the initial seeds, and a **crash reuse** methodology that identifies vulnerabilities across different target variants. The core motivation is the pervasive use of BusyBox in **Internet of Things (IoT)** and **eXtended IoT (X-IoT)** devices, which often run outdated and vulnerable versions.
AI review
This research presents two effective methods for improving embedded system fuzzing: LLM-driven seed generation and crash reuse for variant analysis. It highlights the pervasive issue of outdated BusyBox in IoT and offers practical, actionable techniques for defenders and researchers to enhance vulnerability discovery and supply chain security. This isn't just theory; it's a solid, pragmatic approach to a critical problem.