Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware

by Christopher Kruegel, Yan Shoshitaishvili
Sept. 19, 2017 Black Hat

Detecting vulnerabilities and backdoors in firmware is challenging for several reasons. To begin with, the devices in question are usually proprietary, so the source code of the firmware is not available. While this is a problem common to the analysis of binary software in general, firmware goes one step further: it often takes the form of a single binary image that runs directly on the hardware of the device, with no underlying operating system, so none of the structure an OS provides (loaded libraries, system-call boundaries, a known entry point) is there to anchor the analysis. In this presentation, we will talk about the challenges of performing automated vulnerability analysis and backdoor finding in firmware. We then report on a binary static analysis system, called Angr, that automates most of the process of searching firmware binaries for the presence of flaws. To the best of our knowledge, Angr is the first firmware analysis system that works at the binary level, scales to whole images, and requires no instrumentation of code on the original device.

https://www.blackhat.com/us-15/briefings.html#using-static-binary-analysis-to-find-vulnerabilitie...