Alexander Balgavy (Independent), Marius Muench (University of Birmingham)

Embedded devices are a pervasive and at times invisible part of our lives. Due to this pervasiveness, security vulnerabilities may have severe consequences, particularly because many embedded devices are deployed in sensitive applications, such as the industrial, automotive, and medical sectors. Linux-based firmware has already been the subject of extensive research; however, a considerable part of embedded devices do not run Linux. Since current literature mostly focuses on Linux-based firmware, the ecosystem of non-Linux firmware is not well-known.

Therefore, in this paper, we aim to fill this gap in research with FIRMLINE, a pipeline suitable for a large-scale study of nonLinux-based firmware. Using this pipeline, we analyze 21,755 samples, obtained from previous studies and new sources. As part of a security assessment, we also investigate the presence of operating systems and memory protections for a subset of 756 non-Linux ARM samples and find that the majority do not make use of either. Our work will allow for further research of non-Linux firmware, such as refining generic analysis techniques or investigating the OS and deployed security facilities of such firmware in more detail.

View More Papers

AAKA: An Anti-Tracking Cellular Authentication Scheme Leveraging Anonymous Credentials

Hexuan Yu (Virginia Polytechnic Institute and State University), Changlai Du (Virginia Polytechnic Institute and State University), Yang Xiao (University of Kentucky), Angelos Keromytis (Georgia Institute of Technology), Chonggang Wang (InterDigital), Robert Gazda (InterDigital), Y. Thomas Hou (Virginia Polytechnic Institute and State University), Wenjing Lou (Virginia Polytechnic Institute and State University)

Read More

Rethink Custom Transformers for Binary Analysis

Heng Yin, Professor, Department of Computer Science and Engineering, University of California, Riverside

Read More

CLIK on PLCs! Attacking Control Logic with Decompilation and...

Sushma Kalle (University of New Orleans), Nehal Ameen (University of New Orleans), Hyunguk Yoo (University of New Orleans), Irfan Ahmed (Virginia Commonwealth University)

Read More

From Hardware Fingerprint to Access Token: Enhancing the Authentication...

Yue Xiao (Wuhan University), Yi He (Tsinghua University), Xiaoli Zhang (Zhejiang University of Technology), Qian Wang (Wuhan University), Renjie Xie (Tsinghua University), Kun Sun (George Mason University), Ke Xu (Tsinghua University), Qi Li (Tsinghua University)

Read More