Overview
Explore the intricacies of identifying multi-binary vulnerabilities in embedded firmware at scale in this 37-minute conference talk from the 36th Chaos Communication Congress. Delve into the challenges of analyzing hardware-dependent software on low-power, single-purpose embedded devices like routers and IoT systems. Learn about Karonte, a novel static analysis tool that models and tracks multi-binary interactions to detect vulnerabilities that arise from insecure handling of attacker-controlled data. Discover the results of experiments on 53 firmware samples from various vendors, leading to the discovery of 46 zero-day bugs. Gain insights from a large-scale experiment on 899 different samples, demonstrating Karonte's scalability and effectiveness in analyzing real-world firmware. Watch a demonstration of the tool in action, showcasing its ability to detect previously unknown vulnerabilities.
Syllabus
Introduction
Overview of IoT
Why is it hard to secure IoT
Firmware design
Interprocess communication
Environment variable
Unpacking
CPS
BDG
Static Link
Results
Running current
Summary
Taught by
media.ccc.de