Search Results (7)
  • Open Access

    ARTICLE

    ADFEmu: Enhancing Firmware Fuzzing with Direct Memory Access (DMA) Input Emulation Using Concolic Execution and Large Language Models (LLMs)

    Yixin Ding1, Xinjian Zhao1, Zicheng Wu1, Yichen Zhu2, Longkun Bai2, Hao Han2,*

    CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 5977-5993, 2025, DOI:10.32604/cmc.2025.065672 - 30 July 2025

    Abstract Fuzz testing is a widely adopted technique for uncovering bugs and security vulnerabilities in embedded firmware. However, many embedded systems heavily rely on peripherals, rendering conventional fuzzing techniques ineffective. When peripheral responses are missing or incorrect, fuzzing a firmware may crash or exit prematurely, significantly limiting code coverage. While prior re-hosting approaches have made progress in simulating Memory-Mapped Input/Output (MMIO) and interrupt-based peripherals, they either ignore Direct Memory Access (DMA) or handle it oversimplified. In this work, we present ADFEmu, a novel automated firmware re-hosting framework that enables effective fuzzing of DMA-enabled firmware. ADFEmu integrates…

  • Open Access

    ARTICLE

    Comprehensive Black-Box Fuzzing of Electric Vehicle Charging Firmware via a Vehicle to Grid Network Protocol Based on State Machine Path

    Yu-Bin Kim, Dong-Hyuk Shin, Ieck-Chae Euom*

    CMC-Computers, Materials & Continua, Vol.84, No.2, pp. 2217-2243, 2025, DOI:10.32604/cmc.2025.063289 - 03 July 2025

    Abstract The global surge in electric vehicle (EV) adoption is proportionally expanding the EV charging station (EVCS) infrastructure, thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem. While ISO 15118 standardizes EV-EVCS communication, its underspecified security guidelines and the variability in manufacturers’ implementations frequently result in vulnerabilities that can disrupt charging services, compromise user data, or affect power grid stability. This research introduces a systematic black-box fuzzing methodology, accompanied by an open-source tool, to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118. The proposed…

  • Open Access

    ARTICLE

    Multi-Firmware Comparison Based on Evolutionary Algorithm and Trusted Base Point

    Wenbing Wang*, Yongwen Liu

    CMC-Computers, Materials & Continua, Vol.84, No.1, pp. 763-790, 2025, DOI:10.32604/cmc.2025.065179 - 09 June 2025

    Abstract Multi-firmware comparison techniques can improve efficiency when auditing firmwares in bulk. However, the problem of matching functions between multiple firmwares has not been studied before. This paper proposes a multi-firmware comparison method based on evolutionary algorithms and trusted base points. We first model the multi-firmware comparison as a multi-sequence matching problem. Then, we propose an adaptation function and a population generation method based on trusted base points. Finally, we apply an evolutionary algorithm to find the optimal result. At the same time, we design the similarity of matching results as an evaluation metric to measure

  • Open Access

    ARTICLE

    Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

    Jihyeon Yu1, Juhwan Kim1, Youngwoo Lee1, Fayozbek Rustamov2, Joobeom Yun1,*

    CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3291-3315, 2023, DOI:10.32604/cmc.2023.035835 - 31 March 2023

    Abstract Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation…

  • Open Access

    ARTICLE

    FirmVulSeeker—BERT and Siamese Network-Based Vulnerability Search for Embedded Device Firmware Images

    Yingchao Yu*, Shuitao Gan, Xiaojun Qin

    Journal on Internet of Things, Vol.4, No.1, pp. 1-20, 2022, DOI:10.32604/jiot.2022.019469 - 16 May 2022

    Abstract In recent years, with the development of the natural language processing (NLP) technologies, security analyst began to use NLP directly on assembly codes which were disassembled from binary executables in order to examine binary similarity, achieved great progress. However, we found that the existing frameworks often ignored the complex internal structure of instructions and didn’t fully consider the long-term dependencies of instructions. In this paper, we propose firmVulSeeker—a vulnerability search tool for embedded firmware images, based on BERT and Siamese network. It first builds a BERT MLM task to observe and learn the semantics of…

  • Open Access

    ARTICLE

    Research on Known Vulnerability Detection Method Based on Firmware Analysis

    Wenjing Wang1, Tengteng Zhao1, Xiaolong Li1,*, Lei Huang1, Wei Zhang1, Hui Guo2

    Journal of Cyber Security, Vol.4, No.1, pp. 1-15, 2022, DOI:10.32604/jcs.2022.026816 - 05 May 2022

    Abstract At present, the network security situation is becoming more and more serious. Malicious network attacks such as computer viruses, Trojans and hacker attacks are becoming more and more rampant. National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society. At the same time, with the rapid development of Internet of Things and the arrival of 5G era, IoT devices as an important part of industrial Internet system, have become an important target of infiltration attacks by hostile forces. This

  • Open Access

    ARTICLE

    PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State

    Xiaoyi Li, Xiaojun Pan, Yanbin Sun*

    Journal on Artificial Intelligence, Vol.3, No.1, pp. 21-31, 2021, DOI:10.32604/jai.2021.017328 - 02 April 2021

    Abstract The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people’s lives and property. Therefore, ensuring the safety of embedded devices is a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique based on protocol state orientation. By instrumenting the program that handles protocol fields in the firmware, the problem of lack of guidance information in common protocol fuzzing is solved. By recording and…
