Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges

Asma Touqir; Faisal Iradat; Waseem Iqbal; Abdur Rakib; Nazim Taskin; Hesam Jadidbonab; Olivier Haas

doi:10.1007/s11227-025-07371-y

Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges

Asma Touqir
, Faisal Iradat
, Waseem Iqbal
, Abdur Rakib
, Nazim Taskin
, Hesam Jadidbonab
, Olivier Haas

Centre for Future Transport and Cities

Institute of Business Administration (IBA), Karachi
Sultan Qaboos University
Boğaziçi University

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is a valuable technique for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things (IoT) domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. However, despite its importance, existing research on fuzzing techniques in IoT contexts remains limited by the absence of standardized benchmarks, inefficiencies in re-hosting strategies, and difficulties in detecting complex, condition-dependent vulnerabilities. The primary objective of this study is to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques designed for IoT systems. Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) model, a systematic literature review was conducted across 32 academic articles published between 2020 and 2024. The analysis revealed that although fuzzing enhances IoT security, its effectiveness is hindered by device heterogeneity, limited system resources, and evolving cyber threat landscapes. The findings suggest that to overcome these limitations, future research should focus on AI-driven fuzzing methods, robust multi-architecture support, and the development of standardized evaluation frameworks to strengthen IoT cybersecurity.

Original language	English
Article number	877
Journal	Journal of Supercomputing
Volume	81
DOIs	https://doi.org/10.1007/s11227-025-07371-y
Publication status	Published - 23 May 2025

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

This version of the article has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/s11227-025-07371-y

Keywords

Advanced adaptive fuzzing techniques
Effective cybersecurity measures
Unauthorized data access
Valuable software testing technique

ASJC Scopus subject areas

Theoretical Computer Science
Software
Information Systems
Hardware and Architecture

Access to Document

10.1007/s11227-025-07371-y

Cite this

@article{2859a73dc7de4b5cafdea7bae58b35e2,

title = "Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges",

abstract = "As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is a valuable technique for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things (IoT) domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. However, despite its importance, existing research on fuzzing techniques in IoT contexts remains limited by the absence of standardized benchmarks, inefficiencies in re-hosting strategies, and difficulties in detecting complex, condition-dependent vulnerabilities. The primary objective of this study is to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques designed for IoT systems. Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) model, a systematic literature review was conducted across 32 academic articles published between 2020 and 2024. The analysis revealed that although fuzzing enhances IoT security, its effectiveness is hindered by device heterogeneity, limited system resources, and evolving cyber threat landscapes. The findings suggest that to overcome these limitations, future research should focus on AI-driven fuzzing methods, robust multi-architecture support, and the development of standardized evaluation frameworks to strengthen IoT cybersecurity.",

keywords = "Advanced adaptive fuzzing techniques, Effective cybersecurity measures, Unauthorized data access, Valuable software testing technique",

author = "Asma Touqir and Faisal Iradat and Waseem Iqbal and Abdur Rakib and Nazim Taskin and Hesam Jadidbonab and Olivier Haas",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025. Copyright {\textcopyright} and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders. This version of the article has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/s11227-025-07371-y ",

year = "2025",

month = may,

day = "23",

doi = "10.1007/s11227-025-07371-y",

language = "English",

volume = "81",

journal = "Journal of Supercomputing",

issn = "0920-8542",

publisher = "Springer Verlag",

}

TY - JOUR

T1 - Systematic exploration of fuzzing in IoT

T2 - techniques, vulnerabilities, and open challenges

AU - Touqir, Asma

AU - Iradat, Faisal

AU - Iqbal, Waseem

AU - Rakib, Abdur

AU - Taskin, Nazim

AU - Jadidbonab, Hesam

AU - Haas, Olivier

N1 - Publisher Copyright: © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025. Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders. This version of the article has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/s11227-025-07371-y

PY - 2025/5/23

Y1 - 2025/5/23

N2 - As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is a valuable technique for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things (IoT) domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. However, despite its importance, existing research on fuzzing techniques in IoT contexts remains limited by the absence of standardized benchmarks, inefficiencies in re-hosting strategies, and difficulties in detecting complex, condition-dependent vulnerabilities. The primary objective of this study is to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques designed for IoT systems. Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) model, a systematic literature review was conducted across 32 academic articles published between 2020 and 2024. The analysis revealed that although fuzzing enhances IoT security, its effectiveness is hindered by device heterogeneity, limited system resources, and evolving cyber threat landscapes. The findings suggest that to overcome these limitations, future research should focus on AI-driven fuzzing methods, robust multi-architecture support, and the development of standardized evaluation frameworks to strengthen IoT cybersecurity.

AB - As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is a valuable technique for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things (IoT) domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. However, despite its importance, existing research on fuzzing techniques in IoT contexts remains limited by the absence of standardized benchmarks, inefficiencies in re-hosting strategies, and difficulties in detecting complex, condition-dependent vulnerabilities. The primary objective of this study is to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques designed for IoT systems. Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) model, a systematic literature review was conducted across 32 academic articles published between 2020 and 2024. The analysis revealed that although fuzzing enhances IoT security, its effectiveness is hindered by device heterogeneity, limited system resources, and evolving cyber threat landscapes. The findings suggest that to overcome these limitations, future research should focus on AI-driven fuzzing methods, robust multi-architecture support, and the development of standardized evaluation frameworks to strengthen IoT cybersecurity.

KW - Advanced adaptive fuzzing techniques

KW - Effective cybersecurity measures

KW - Unauthorized data access

KW - Valuable software testing technique

UR - https://www.scopus.com/pages/publications/105005805745

U2 - 10.1007/s11227-025-07371-y

DO - 10.1007/s11227-025-07371-y

M3 - Article

AN - SCOPUS:105005805745

SN - 0920-8542

VL - 81

JO - Journal of Supercomputing

JF - Journal of Supercomputing

M1 - 877

ER -

Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this