Automated and Scalable Analysis of Mobile and IoT Device Firmware

As Internet of Things (IoT) and mobile devices become increasingly popular and widely used, the security of the firmware running on these devices is paramount.However, due to the lack of an efficient and scalable analysis framework, combined with the increasing pressure to get products to market as quickly as possible, the software running on these devices is never properly checked for security vulnerabilities and backdoors.This results in a large potential attack surface, with millions of devices owned by individuals, enterprises, and government agencies that could be exploited by external adversaries. To fill this gap RAM Laboratories is proposing Firmalytics, a modular and scalable framework that automatically analyzes firmware images for security vulnerabilities, backdoors, and malware.The results, along with any metadata gathered about the firmware, are added to a database to support a correlation engine used for identifying groups of similar firmware.This grouping helps give contextual information of what vulnerabilities might be common among the firmware, allowing for us to prioritize vulnerabilities to search for when scanning the image. Additionally, our framework supports the use of more advanced vulnerability detection methods that rely on complex techniques such as symbolic execution.While these techniques have trouble scaling, we can utilize the correlation engine to intelligently sample images from the firmware database to analyze and potentially find 0-day vulnerabilities that have yet to be discovered.We can then verify which similar images might also be vulnerable and report the results back to the end user.