Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware

Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna

Research output: Contribution to conference › Paper › peer-review

289 Scopus citations

Abstract

Embedded devices have become ubiquitous, and they are used in a range of privacy-sensitive and security-critical applications. Most of these devices run proprietary software, and little documentation is available about the software's inner workings. In some cases, the cost of the hardware and protection mechanisms might make access to the devices themselves infeasible. Analyzing the software that is present in such environments is challenging, but necessary, if the risks associated with software bugs and vulnerabilities must be avoided. As a matter of fact, recent studies revealed the presence of backdoors in a number of embedded devices available on the market. In this paper, we present Firmalice, a binary analysis framework to support the analysis of firmware running on embedded devices. Firmalice builds on top of a symbolic execution engine, and techniques, such as program slicing, to increase its scalability. Furthermore, Firmalice utilizes a novel model of authentication bypass flaws, based on the attacker's ability to determine the required inputs to perform privileged operations. We evaluated Firmalice on the firmware of three commercially available devices, and were able to detect authentication bypass backdoors in two of them. Additionally, Firmalice was able to determine that the backdoor in the third firmware sample was not exploitable by an attacker without knowledge of a set of unprivileged credentials.

Original language: English (US)
DOIs: (not shown on page)
State: Published - 2015
Externally published: Yes
Event: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015 - San Diego, United States
Duration: Feb 8 2015 - Feb 11 2015

Conference

Conference: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015
Country/Territory: United States
City: San Diego
Period: 2/8/15 - 2/11/15

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
