Hacking the IoT protocol using AI: An LLM "reads" ~1,200 pages of docs & finds 67 Zero-Days
Security researchers Xiaoyue Ma, Lannan Luo, and Qiang Zeng presented their work in 2024 on building an AI-based fuzzer for Matter, an open-source protocol for smart home and IoT devices designed to ensure interoperability across brands (Apple, Google, Amazon, Samsung).
The problem: the Matter documentation is over 1,200 pages long. Instead of reading it manually, the authors used an LLM (GPT-4) to analyze it, map fuzzing-relevant data, and speed up the vulnerability discovery process. And it worked!
The result: 147 new bugs, including 61 zero-days. Impressive :) Enjoy the read!
More details:
From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT Devices
Paper [PDF]: https://www.usenix.org/system/files/usenixsecurity24-ma-xiaoyue.pdf
Slides [PDF]: https://www.usenix.org/system/files/usenixsecurity24_slides-ma-xiaoyue.pdf


