
Internet of Vulnerabilities: Extracting and Analysing Firmware of IoT devices

Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Thomas Grote
Submission: 2022-04-15
Type of Thesis: Bachelorthesis

Description

Security of IT devices is becoming more relevant as society grows increasingly dependent on technology. 
Driven by the rise of the Internet of Things (IoT), thousands of new devices are deployed each day. These devices do not 
share the design principles of a PC, because the functional requirements of the two platforms are fundamentally different. 
Integrating security mechanisms demands additional computational power, which is already scarce on embedded systems, 
so manufacturers often forgo implementing and configuring security mechanisms on their devices to reduce costs. This 
has significant implications for Internet security, since it leaves a large number of vulnerable devices connected to a global network.
The objective of this work is to assess the security level of IoT devices by executing different firmware extraction methods and binary 
analysis of the obtained firmware. This is done from the perspective of an adversary in order to model a real-world attack. The 
goal is to understand the thought process behind the identification of attack surfaces and the corresponding security mechanisms that 
prevent exploitation. This requires low-level inspection of the electronic components of the undocumented target devices. Identifying 
the attack surfaces of a platform enables the potential exploitation of unprotected entry points: gaining access to debug interfaces provides 
an opportunity to extract data stored in memory, and a second method presented in this work is direct communication with the storage module over its serial 
interface. The extracted firmware binary is then analyzed with various tools and its properties are summarized. The firmware protection mechanism 
of one device is reverse engineered and documented.
The findings of this work show that firmware extraction can be carried out with affordable hardware and open-source software. 
Mechanisms that allow unauthorized access to the system's resources are identified and exploited. Solutions to mitigate the observed attack surfaces 
are then presented and discussed.
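As an illustration of the "analyzed using various tools and its properties are summarized" step, the following script performs the first offline triage a practitioner runs on a raw dump read from a device's flash chip or over a debug interface. It is an added example, not tooling from the thesis or from TUM: it scans for container magic values (uImage, ELF, SquashFS, gzip, xz, UBI), computes per-block Shannon entropy to separate padding from code from compressed or encrypted regions, decodes and CRC-checks a legacy U-Boot uImage header the way U-Boot does before booting, and sweeps for strings that hint at credentials or exposed services. The 12 KiB sample image, its layout, the string contents and the SHA-256-derived pseudo-random "rootfs" are all constructed here and are hypothetical.

```python
"""Offline triage of an extracted firmware image (added example, not the thesis's tooling)."""
import hashlib
import math
import re
import struct
import zlib
from collections import Counter

# Magic values of containers commonly found in embedded Linux images.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage",
    b"\x7fELF": "ELF",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x1f\x8b\x08": "gzip (deflate)",  # include the method byte: a 2-byte magic false-matches in random data
    b"\xfd7zXZ\x00": "xz",
    b"UBI#": "UBI",
}
# Legacy U-Boot header: magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name[32] (64 bytes)
UIMAGE_FMT = ">7I4B32s"
UIMAGE_MAGIC = 0x27051956
BLOCK = 4096
KEYWORDS = ("passw", "shadow", "telnet", "login", "/bin/sh", "busybox", "uart")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for uniform padding, close to 8.0 for compressed or encrypted data."""
    n = len(data)
    entropy = 0.0
    for count in Counter(data).values():
        p = count / n
        entropy -= p * math.log2(p)
    return entropy


def classify_block(entropy: float) -> str:
    if entropy > 7.8:
        return "high: compressed or encrypted"
    if entropy < 0.5:
        return "low: padding or erased flash"
    return "mixed: code, data or text"


def entropy_profile(image: bytes, block: int = BLOCK):
    return [(off, shannon_entropy(image[off:off + block])) for off in range(0, len(image), block)]


def scan_signatures(image: bytes):
    hits = []
    for magic, name in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage_header(image: bytes, offset: int = 0) -> dict:
    """Decode a legacy uImage header and verify both CRCs; hcrc is computed with its own field zeroed."""
    hdr = image[offset:offset + 64]
    magic, hcrc, _time, size, load, ep, dcrc, os_, arch, typ, comp, name = struct.unpack(UIMAGE_FMT, hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError("no uImage magic at offset 0x%x" % offset)
    payload = image[offset + 64:offset + 64 + size]
    return {"size": size, "load": load, "entry": ep, "os": os_, "arch": arch, "type": typ, "comp": comp,
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "header_crc_ok": zlib.crc32(hdr[:4] + b"\x00" * 4 + hdr[8:]) == hcrc,
            "data_crc_ok": zlib.crc32(payload) == dcrc}


def extract_strings(image: bytes, min_len: int = 6):
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image)]


def interesting_strings(image: bytes):
    """Strings worth a closer look: credentials files, debug consoles, network services."""
    return [s for s in extract_strings(image) if any(k in s.lower() for k in KEYWORDS)]


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-rootfs") -> bytes:
    """Deterministic stand-in for a compressed or encrypted root filesystem (constructed data)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed 12 KiB dump: uImage-wrapped 'kernel', SquashFS-like blob, erased-flash padding."""
    strings = b"\x00".join([b"BusyBox v1.31.1 (constructed sample)", b"/bin/sh", b"/etc/passwd",
                            b"telnetd -l /bin/sh", b"uart console enabled"])
    kernel = (b"\x7fELF" + b"\x00" * 28 + strings).ljust(BLOCK - 64, b"\x00")
    hdr = struct.pack(UIMAGE_FMT, UIMAGE_MAGIC, 0, 0, len(kernel), 0x80008000, 0x80008000,
                      zlib.crc32(kernel), 5, 2, 2, 0, b"Constructed IoT kernel")  # os=Linux, arch=ARM, type=kernel
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]  # header CRC over header with hcrc = 0
    return hdr + kernel + b"hsqs" + pseudo_random_bytes(BLOCK - 4) + b"\xff" * BLOCK


def triage(image: bytes) -> dict:
    sigs = scan_signatures(image)
    uimage_offsets = [off for off, name in sigs if name == "uImage"]
    return {"signatures": sigs,
            "blocks": [(off, round(e, 2), classify_block(e)) for off, e in entropy_profile(image)],
            "interesting_strings": interesting_strings(image),
            "uimage": parse_uimage_header(image, uimage_offsets[0]) if uimage_offsets else None}


if __name__ == "__main__":
    for key, value in triage(build_sample_image()).items():
        print(key, value)
```

On a real dump, replace `build_sample_image()` with `open(path, "rb").read()`; a failing header CRC then points either at a bad read (check the SPI clock and wiring before anything else) or at a vendor-modified header, and a block that scores "high" where a filesystem signature is expected is the first hint that the firmware is encrypted rather than merely compressed.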