David Malaschonok (Fraunhofer SIT — ATHENE)

With the advance of IoT technology, embedded systems have become omnipresent in everyday life, taking on ever more security sensitive tasks. Because of this, the security analysis of embedded firmware has reached unprecedented importance.

At the same time, the need to keep production and operation costs low imposes strong resource constraints and optimization pressure on the design of embedded IoT devices. Trade-offs include smaller firmware images that lack debug symbols, and lighter housing that is harder to disassemble. Notably, the cheapest products tend to receive the least amount of vendor support, thus making them more vulnerable, while simultaneously being the least amenable to analysis, thus making it harder for third parties to assess and address the resulting risks.

Knowing which precise microcontroller unit (MCU) is built into a particular device allows insight into its memory map, which is valuable for both static and dynamic analysis of its firmware. However, while it is usually easy to determine the manufacturer and model of an IoT appliance through visual inspection, identifying the MCU at the core of the device is often only possible after destructive disassembly.

To address this problem, we propose an automatic approach to derive the MCU of an embedded device from its firmware image. The approach is based on identifying which addresses the firmware expects to be accessible and finding the most similar MCU memory map in a pre-calculated knowledge base. Our approach does not depend on debug symbols or physical access to any part of the embedded device.

In our evaluation, this approach correctly identifies the precise MCU series 57% of the time and finds the most precise available memory map 44% of the time.

View More Papers

BKPIR: Keyword PIR for Private Boolean Retrieval

Jie Song (Institute of Information Engineering, Chinese Academy of Sciences; Intelligent Policing Key Laboratory of Sichuan Province, Sichuan Police College; School of Cyber Security, University of Chinese Academy of Sciences), Zhen Xu (Institute of Information Engineering, Chinese Academy of Sciences), Yan Zhang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University…

Read More

FirmAgent: Leveraging Fuzzing to Assist LLM Agents with IoT...

Jiangan Ji (Information Engineering University,Tsinghua University), Chao Zhang (Tsinghua University), Shuitao Gan (Labortory for Advanced Computing and Intelligence Engineering), Lin Jian (Information Engineering University), Hangtian Liu (Information Engineering University), Tieming Liu (Information Engineering University), Lei Zheng (Tsinghua university), Zhipeng Jia (Information Engineering University)

Read More

Cryptobazaar: Private Sealed-bid Auctions at Scale

Andrija Novakovic (Bain Capital Crypto), Alireza Kavousi (University College London), Kobi Gurkan (Bain Capital Crypto), Philipp Jovanovic (University College London)

Read More