Abstract: The rapid growth of Internet of Things (IoT) devices has enhanced convenience but introduced significant security risks. Because the internals of these devices are largely opaque, black-box fuzzing has become the primary method for IoT vulnerability detection. However, a black-box fuzzer often cannot recognize which protocol state a message has triggered, which limits its ability to explore different regions of the state space and therefore hinders the discovery of vulnerabilities. It also lacks feedback, so it cannot refine its test inputs based on the results, which further reduces its effectiveness. To address these challenges, we propose SSFuzz, an automated black-box fuzzing framework that leverages large language models (LLMs) to extract state nodes from interaction messages, enabling a state-guided approach. We also design a cross-device feedback-sharing mechanism based on source code similarities, aiming to make more effective use of the limited feedback available. Evaluated against five leading tools on 18 IoT devices, SSFuzz identified 38 previously undisclosed vulnerabilities, significantly outperforming existing methods such as Snipuzz (five vulnerabilities) and IoTHunter (one vulnerability).
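The following is an added, self-contained illustration of the state-guided black-box fuzzing loop the abstract describes; it is not SSFuzz's code and does not reproduce the paper's method. The target device, its protocol, its planted bug, the seed messages and the mutators are all constructed for this example, and the LLM-based state-node extraction is replaced by a regex that masks volatile tokens in replies. The cross-device feedback-sharing mechanism is not modelled. The point it shows is how tracking which state node each reply maps to gives a black-box fuzzer both a state graph to replay and a feedback signal (a new node reached) to steer effort, which is what lets it reach the bug behind the login step.

```python
import random
import re
from collections import Counter


class ToyDevice:
    """Constructed stand-in for a black-box IoT device. It exposes a tiny
    text protocol with three internal states and one planted bug (an overlong
    SET_NAME argument "crashes" it). The fuzzer only ever sees handle()'s reply."""

    def __init__(self):
        self.state = "unauth"
        self.sessions = 0

    def handle(self, msg):
        if self.state == "unauth":
            if msg.startswith("LOGIN admin"):
                self.state = "auth"
                self.sessions += 1
                return "200 OK session=%d" % self.sessions
            return "401 Unauthorized"
        if self.state == "auth":
            if msg.startswith("SET_NAME "):
                if len(msg) - len("SET_NAME ") > 32:   # planted fixed-size buffer bug
                    self.state = "unauth"
                    return "CRASH stack smashing detected"
                self.state = "configured"
                return "200 OK name stored"
            if msg == "LOGOUT":
                self.state = "unauth"
                return "200 OK bye"
            return "400 Bad Request"
        if msg == "REBOOT":                            # state == "configured"
            self.state = "unauth"
            return "200 OK rebooting"
        return "403 Forbidden reboot required"


def state_node(response):
    """Collapse a raw reply into a state-node label. SSFuzz uses an LLM for this
    step; this stand-in only masks volatile tokens (session ids, counters) so
    that replies differing only in such values map to the same node."""
    return re.sub(r"=\S+", "=<tok>", response)


SEEDS = ["LOGIN admin", "SET_NAME cam1", "LOGOUT", "REBOOT", "GET_STATUS"]  # constructed


def mutate(msg, rng):
    """Four cheap black-box mutators: as-is, append junk, truncate, repeat argument."""
    op = rng.randrange(4)
    if op == 0:
        return msg
    if op == 1:
        return msg + "".join(rng.choice("AZ09") for _ in range(rng.randrange(1, 65)))
    if op == 2:
        return msg[: rng.randrange(1, len(msg) + 1)]
    return msg + msg[msg.find(" "):]


def state_guided_fuzz(make_device, iterations, seed=0):
    """Drive the target from rarely exercised state nodes.

    make_device() must return a freshly reset target (for real hardware that
    means a power cycle; here it is a new object). Returns the discovered state
    graph as {node: message path that first reached it} and the crashes as
    {crash node: reproducing message path}."""
    rng = random.Random(seed)
    paths = {"<start>": []}
    visits = Counter()
    crashes = {}
    for _ in range(iterations):
        nodes = list(paths)
        # inverse-visit weighting: spend effort on nodes the fuzzer rarely reaches
        target = rng.choices(nodes, [1.0 / (1 + visits[n]) for n in nodes])[0]
        visits[target] += 1
        dev = make_device()
        for m in paths[target]:
            dev.handle(m)                      # replay the recorded path to the target node
        msg = mutate(rng.choice(SEEDS), rng)
        node = state_node(dev.handle(msg))
        if node not in paths:                  # feedback: a new state node was reached
            paths[node] = paths[target] + [msg]
        if node.startswith("CRASH"):
            crashes.setdefault(node, paths[target] + [msg])
    return paths, crashes


def replay(make_device, path):
    """Re-send a recorded message path to a fresh target and return the final
    reply; used to confirm a crash reproduces before it is reported."""
    dev = make_device()
    reply = None
    for m in path:
        reply = dev.handle(m)
    return reply


if __name__ == "__main__":
    graph, found = state_guided_fuzz(ToyDevice, iterations=2000, seed=1)
    print("state nodes:", sorted(graph))
    for node, path in found.items():
        print(node, "<-", path, "reproduces:", replay(ToyDevice, path).startswith("CRASH"))
```

Without the state graph, a fuzzer that sends mutated SET_NAME messages from a reset device only ever sees "401 Unauthorized"; the recorded path to the session node is what carries the mutated message past the login step. On a real device, the reset in make_device() and the replay cost of each path are the expensive parts, which is one reason the abstract stresses making the most of whatever feedback is available.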
External IDs: dblp:journals/iotj/HouLDSLCW25