Biblio

Filters: Keyword is firmware security
2023-02-03
Li, Mingxuan, Li, Feng, Yin, Jun, Fei, Jiaxuan, Chen, Jia.  2022.  Research on Security Vulnerability Mining Technology for Terminals of Electric Power Internet of Things. 2022 IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC). 6:1638–1642.
Aiming at the specificity and complexity of the power IoT terminal, a method of power IoT terminal firmware vulnerability detection based on memory fuzzing is proposed. The method uses bypass execution to simulate and run the firmware program, dynamically monitors and controls the execution of the firmware program, realizes memory fuzzing of the firmware program, and designs an automatic vulnerability exploitability judgment plug-in based on rules and procedures; on this basis, the method and specific process of firmware vulnerability detection for power IoT terminals are provided. The effectiveness of the method is verified by an example.
ISSN: 2693-289X
2021-12-21
Ahn, Bohyun, Bere, Gomanth, Ahmad, Seerin, Choi, JinChun, Kim, Taesic, Park, Sung-won.  2021.  Blockchain-Enabled Security Module for Transforming Conventional Inverters toward Firmware Security-Enhanced Smart Inverters. 2021 IEEE Energy Conversion Congress and Exposition (ECCE). :1307–1312.
As traditional inverters are transforming toward more intelligent inverters with advanced information and communication technologies, the cyber-attack surface has been remarkably expanded. Specifically, securing the firmware of smart inverters from cyber-attacks is crucial. This paper presents the expanded firmware attack surface targeting smart inverters. Moreover, this paper proposes a security module for transforming a conventional inverter into a smart inverter with built-in firmware security by preventing potential malware and unauthorized firmware update attacks, as well as providing fast automated inverter recovery from zero-day attacks. Furthermore, the proposed security module, as a client of the blockchain, is connected to blockchain servers to fully utilize blockchain technologies such as membership services, ledgers, and smart contracts to detect and mitigate firmware attacks. The proposed security module framework is implemented in an Internet-of-Things (IoT) device and validated by experiments.
2018-05-01
Lin, H., Zhao, D., Ran, L., Han, M., Tian, J., Xiang, J., Ma, X., Zhong, Y.  2017.  CVSSA: Cross-Architecture Vulnerability Search in Firmware Based on Support Vector Machine and Attributed Control Flow Graph. 2017 International Conference on Dependable Systems and Their Applications (DSA). :35–41.
Nowadays, an increasing number of IoT vendors have compiled and deployed third-party code bases across different architectures. Therefore, to prevent firmware from being affected by the same known vulnerabilities, searching for known vulnerabilities in binary firmware across different architectures is more crucial than ever. However, most existing vulnerability search methods are limited to the same architecture; there is only a little research on cross-architecture cases, and its accuracy is not high. In this paper, to improve the accuracy of existing cross-architecture vulnerability search methods, we propose a new approach based on Support Vector Machine (SVM) and Attributed Control Flow Graph (ACFG) to search for known vulnerabilities in firmware across different architectures at the function level. We employ a known vulnerable function to recognize suspicious functions in other binary firmware. First, considering the internal and external characteristics of the functions, we extract the function-level features and basic-block-level features of the functions to be inspected. Second, we employ SVM to recognize a small set of suspicious functions based on the function-level features. After the preliminary screening, we compute the graph similarity between the vulnerable function and the suspicious functions based on their ACFGs. We have implemented our approach, CVSSA, and employed training samples to train the model with prior knowledge to improve the accuracy. We also search for several vulnerabilities in real-world firmware images; the experimental results show that CVSSA can be applied to realistic scenarios.
2017-05-22
Feng, Qian, Zhou, Rundong, Xu, Chengcheng, Cheng, Yao, Testa, Brian, Yin, Heng.  2016.  Scalable Graph-based Bug Search for Firmware Images. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :480–491.
Because of rampant security breaches in IoT devices, searching for vulnerabilities in massive IoT ecosystems is more crucial than ever. Recent studies have demonstrated that control-flow graph (CFG) based bug search techniques can be effective and accurate in IoT devices across different architectures. However, these CFG-based bug search approaches are far from being scalable enough to handle the enormous number of IoT devices in the wild, due to their expensive graph matching overhead. Inspired by rich experience in image and video search, we propose a new bug search scheme which addresses the scalability challenge in existing cross-platform bug search techniques and further improves search accuracy. Unlike existing techniques that directly conduct searches based upon raw features (CFGs) from the binary code, we convert the CFGs into high-level numeric feature vectors. Compared with the CFG feature, high-level numeric feature vectors are more robust to code variation across different architectures, and can easily achieve real-time search by using state-of-the-art hashing techniques. We have implemented a bug search engine, Genius, and compared it with state-of-the-art bug search approaches. Experimental results show that Genius outperforms baseline approaches for various query loads in terms of speed and accuracy. We also evaluated Genius on a real-world dataset of 33,045 devices which was collected from public sources and our system. The experiment showed that Genius can finish a search within 1 second on average when performed over 8,126 firmware images of 420,558,702 functions. By only looking at the top 50 candidates in the search result, we found 38 potentially vulnerable firmware images across 5 vendors, and confirmed 23 of them by our manual analysis. We also found that it took only 0.1 seconds on average to finish searching for all 154 vulnerabilities in the two latest commercial firmware images from D-LINK. 103 of them are potentially vulnerable in these images, and 16 of them were confirmed.