Nonstandard Sinks Matter: A Comprehensive and Efficient Taint Analysis Framework for Vulnerability Detection in Embedded Firmware

Researchers developed BPDA, a method for finding security vulnerabilities in embedded firmware (software that runs on devices like routers and IoT devices) by tracking how user input flows through code to reach dangerous functions called sinks. The method is faster and more accurate than existing tools, discovering 163 real vulnerabilities including 34 previously unknown ones when tested on firmware from major manufacturers.