
Automated and Scalable Analysis of Mobile and IoT Device Firmware

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: 70RSAT18C00000024
Agency Tracking Number: FY18.1-H-SB018.1-008-0008-I
Amount: $149,999.85
Phase: Phase I
Program: SBIR
Solicitation Topic Code: H-SB018.1-008
Solicitation Number: FY18.1
Solicitation Year: 2018
Award Year: 2018
Award Start Date (Proposal Award Date): 2018-05-02
Award End Date (Contract End Date): 2018-11-01
Small Business Information
591 Camino de la Reina Suite 610
San Diego, CA 92108-3108
United States
DUNS: 010681380
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 John Geddes
 Senior Staff Scientist
 (619) 398-1410
Business Contact
 Maggie Sullivan
Title: Accounting & Contracts Manager
Phone: (619) 398-1410
Research Institution

As Internet of Things (IoT) and mobile devices become increasingly popular and widely used, the security of the firmware running on these devices is paramount. However, due to the lack of an efficient and scalable analysis framework, combined with the increasing pressure to get products to market as quickly as possible, the software running on these devices is never properly checked for security vulnerabilities and backdoors. This results in a large potential attack surface, with millions of devices owned by individuals, enterprises, and government agencies that could be exploited by external adversaries. To fill this gap, RAM Laboratories is proposing Firmalytics, a modular and scalable framework that automatically analyzes firmware images for security vulnerabilities, backdoors, and malware. The results, along with any metadata gathered about the firmware, are added to a database to support a correlation engine used for identifying groups of similar firmware. This grouping helps give contextual information about which vulnerabilities might be common among the firmware, allowing us to prioritize vulnerabilities to search for when scanning the image. Additionally, our framework supports the use of more advanced vulnerability detection methods that rely on complex techniques such as symbolic execution. While these techniques have trouble scaling, we can utilize the correlation engine to intelligently sample images from the firmware database to analyze and potentially find 0-day vulnerabilities that have yet to be discovered. We can then verify which similar images might also be vulnerable and report the results back to the end user.

* Information listed above is at the time of submission. *
