Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges

Author(s)

Asma Touqir, Institute of Business Administration, Karachi, PakistanFollow
Faisal Iradat, Institute of Business Administration (IBA), KarachiFollow
Waseem Iqbal, Sultan Qaboos University, OmanFollow
Abdur Rakib, Coventry UniversityFollow
Nazim Taskin, Bogazici UniversityFollow
Hesam Jadidbonab, Coventry UniversityFollow
Olivier Haas, Coventry UniversityFollow

Author Affiliation

• Dr. Faisal Iradat is an Assistant Professor at Department of Computer Science, Institute of Business Administration (IBA), Karachi

Faculty / School

School of Mathematics and Computer Science (SMCS)

Department

Department of Computer Science

Was this content written or created while at IBA?

Yes

Document Type

Article

Source Publication

The Journal of Supercomputing

Keywords

Cryptology, Internet of Things, Security

Disciplines

Artificial Intelligence and Robotics | Cybersecurity | Information Security | OS and Networks | Theory and Algorithms

Abstract

As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is a valuable technique for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things (IoT) domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. However, despite its importance, existing research on fuzzing techniques in IoT contexts remains limited by the absence of standardized benchmarks, inefficiencies in re-hosting strategies, and difficulties in detecting complex, condition-dependent vulnerabilities. The primary objective of this study is to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques designed for IoT systems. Using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) model, a systematic literature review was conducted across 32 academic articles published between 2020 and 2024. The analysis revealed that although fuzzing enhances IoT security, its effectiveness is hindered by device heterogeneity, limited system resources, and evolving cyber threat landscapes. The findings suggest that to overcome these limitations, future research should focus on AI-driven fuzzing methods, robust multi-architecture support, and the development of standardized evaluation frameworks to strengthen IoT cybersecurity.

Indexing Information

HJRS - W Category, Web of Science - Science Citation Index Expanded (SCI)

Citation/Publisher Attribution

Touqir, A., Iradat, F., Iqbal, W., Rakib, A., Taskin, N., Jadidbonab, H., & Haas, O. (2025). Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges. The Journal of Supercomputing, 81(8), 1-46.

Recommended Citation

Touqir, A., Iradat, F., Iqbal, W., Rakib, A., Taskin, N., Jadidbonab, H., & Haas, O. (2025). Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges. The Journal of Supercomputing, 81 (877) Retrieved from https://ir.iba.edu.pk/faculty-research-articles/250

Publication Status

Published

Rights Information

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.