FIRMWARE.RE: FIRMWARE UNPACKING, ANALYSIS AND VULNERABILITY-DISCOVERY AS A SERVICE presented at BlackHatEU 2014

by Andrei Costin, Davide Balzarotti, Jonas Zaddach, Aurélien Francillon

URL : https://www.blackhat.com/docs/eu-14/materials/eu-14-Zaddach-Firmware-re-Firmware-Unpacking-Analysis-And-Vulnerability-Discovery-As-A-Service.pdf

Summary : As embedded systems are more than ever present in our society, their security is becoming an increasingly important issue. However, with many recent analyses of individual firmware images, embedded systems have acquired a reputation of being very insecure. However, we still lack a global understanding of embedded systems security as well as the tools and techniques needed to support such general claims.
In this talk, we present the first public, large-scale analysis of firmware images: we unpacked 32K firmware images into 1.7M individual files, which we then analyzed. We leverage this large-scale analysis to bring new insights and outline several open challenges when performing such experiments. We also show the main benefits of looking at many different devices at the same time and of linking our results with other large-scale datasets, such as the ZMap SSL collection. We discuss results that would not have been possible to achieve without such a wide-scale analysis.
In summary, without performing sophisticated static analysis, we discovered a total of 38 previously unknown vulnerabilities in over 693 firmware images. Moreover, by correlating similar files inside apparently unrelated firmware images, we were able to extend some of those vulnerabilities to over 123 different products. We also confirmed that some of these vulnerabilities together affect at least 140K devices accessible on the public Internet.
We believe that this project, which we plan to provide as a service in the long term, will help shed some light on the security of embedded devices.