Visible to the public Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

TitleAutomated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Publication TypeConference Paper
Year of Publication2016
AuthorsCostin, Andrei, Zarras, Apostolis, Francillon, Aurélien
Conference NameProceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Date PublishedMay 2016
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4233-9
Keywordsdynamic analysis, emulation, firmware, IoT, Metrics, pubcrawl, Resiliency, Router Systems Security, vulnerability discovery
Abstract

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that embedded devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Web security is still difficult and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the devices' vendor, type, or architecture. To reach this goal, we perform full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we automatically analyze the web interfaces within the firmware using both static and dynamic analysis tools. We also present some interesting case-studies and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale.

URLhttps://dl.acm.org/doi/10.1145/2897845.2897900
DOI10.1145/2897845.2897900
Citation Keycostin_automated_2016