IoT 장치 취약점 분석을 위한 IoT Companion App 기반 SendMessage 식별 방법론

서영재; 조효진; 조해현; 강민정; 이승민

IoT 장치 취약점 분석을 위한 IoT Companion App 기반 SendMessage 식별 방법론

Vol. 35, No. 1, pp. 119-134, 2월. 2025

10.13089/JKIISC.2025.35.1.119, Full Text:

Keywords: IoT security, Companion App, SendMessage, Obfuscation, Fuzzing Trigger
Abstract

With the advancement of Internet of Things (IoT) technology, a wide variety of IoT devices have become integral parts of our daily lives; however, threats arising from security vulnerabilities have increased correspondingly. Security weaknesses in companion apps that interact with IoT devices can lead to severe consequences such as personal information leakage and service disruptions. Existing IoT security research has struggled to effectively identify the SendMessage function—which transmits data from companion apps to IoT devices—due to limitations caused by app obfuscation. This study proposes a novel methodology that accurately identifies the SendMessage function even in obfuscated environments through static and dynamic analysis. The proposed approach enhances the detection rate and accuracy of the SendMessage function, and experimental results demonstrate superior performance compared to existing tools. This research aims to contribute to the proactive detection and prevention of security vulnerabilities in IoT devices.

Statistics

Show / Hide Statistics

Cite this article

[IEEE Style]

서영재, 조효진, 조해현, 강민정, 이승민, "A Methodology for Identifying SendMessages in IoT Companion Apps for Vulnerability Analysis of IoT Devices," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 1, pp. 119-134, 2025. DOI: 10.13089/JKIISC.2025.35.1.119.

[ACM Style]

서영재, 조효진, 조해현, 강민정, and 이승민. 2025. A Methodology for Identifying SendMessages in IoT Companion Apps for Vulnerability Analysis of IoT Devices. Journal of The Korea Institute of Information Security and Cryptology, 35, 1, (2025), 119-134. DOI: 10.13089/JKIISC.2025.35.1.119.