FirmFuzz : Automated IoT Firmware Introspection and Analysis
Primary Investigator: Mathias Payer
Prashast Srivastava, Hui Peng, Ryan Berg, Nathan Burow, Howard Shrobe, Hamed Okhravi, Mathias Payer
Abstract
While the number of IoT devices grows at an exhilarating pace, their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing the security of individual devices allows an analyst to evaluate their security post-deployment. Any discovered vulnerabilities can then be disclosed to the vendors to allow them to improve their products. The search for vulnerabilities should ideally be automated for efficiency and device-independent for scalability.

We present FirmFuzz, an automated, device-independent dynamic analysis framework for Linux-based firmware images. FirmFuzz improves on existing state-of-the-art hardware-independent emulation techniques by providing mock support for all peripherals the firmware interfaces with. It employs a rainbow fuzzing approach that combines grey-box and white-box fuzzing to provide targeted and deterministic bug discovery within these firmware images without requiring any manual intervention.

We evaluate FirmFuzz on a sample set of six firmware images and discover eight previously undisclosed vulnerabilities across four different devices: two TRENDnet Wireless IP cameras and two TRENDnet Wireless Routers.