LuaTaint: A Static Analysis System for Web Configuration Interface Vulnerability of Internet of Things Devices
Jiahui Xiang, Lirong Fu, Tong Ye, Peiyu Liu, Huan Le, Liming Zhu, Wenhai Wang

TL;DR
LuaTaint is an automated static analysis system that combines taint analysis and large language models to detect web interface vulnerabilities in IoT devices with high precision and broad coverage.
Contribution
The paper introduces LuaTaint, a novel system integrating static taint analysis with LLMs for precise, comprehensive vulnerability detection in IoT web interfaces.
Findings
Detected 111 vulnerabilities in IoT firmware samples.
Achieved up to 89.29% detection precision.
Reduced manual analysis through LLM-assisted false alarm pruning.
Abstract
The diversity of web configuration interfaces for IoT devices has exacerbated issues such as inadequate permission controls and insecure interfaces, resulting in various vulnerabilities. Owing to the varying interface configurations across various devices, the existing methods are inadequate for identifying these vulnerabilities precisely and comprehensively. This study addresses these issues by introducing an automated vulnerability detection system, called LuaTaint. It is designed for the commonly used web configuration interface of IoT devices. LuaTaint combines static taint analysis with a large language model (LLM) to achieve widespread and high-precision detection. The extensive traversal of the static analysis ensures the comprehensiveness of the detection. The system also incorporates rules related to page handler control logic within the taint detection process to enhance its…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Network Security and Intrusion Detection
