Description
Security of IT devices is becoming more and more relevant as humanity is becoming increasingly dependent on technology.
Driven by the rise of the Internet of Things (IoT), thousands of new devices are deployed each day. These devices do not
share the same design principles as a PC, because the functional requirements are fundamentally different between the platforms.
Integrating security mechanisms implies the need for additional computational power, which is already limited on embedded systems.
Therefore manufacturers waive the implementation and configuration of security mechanisms on their devices to reduce costs. This
may have significant implications on internet security, as there is a large number of vulnerable devices connected to a global network.
The objective of this work is to verify the security level of IoT devices by executing different firmware extraction methods and binary
analysis of the obtained firmware. This is done in the perspective of an adversary to provide an example of a real world situation. The
goal is to understand the thought process behind the identification of attack surfaces and the corresponding security mechanisms that
prevent exploitation. This requires low-level inspection of the electronic components of the undocumented target devices. The identification
of attack surfaces on the platforms enables the potential exploitation of unprotected entry points. Getting access to debug interfaces provides
an opportunity to extract data stored in memory. Another method presented in this work is direct communication with the storage module via serial
interfaces. The extracted firmware binary is then analyzed using various tools and its properties are summarized. The firmware protection mechanism
of a device is reversed and documented.
The findings of this work show that the extraction of firmware can be executed with affordable hardware and open-source software.
Unauthorized access mechanisms to the systems resources are identified and exploited. Solutions to mitigate the observed attack surfaces
are then presented and discussed.
|
