Day 2

Automated Vulnerability Research for “Smart” IoT Devices

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of users' lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure. Unfortunately, the firmware running on these systems is hardware-dependent and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Even worse, firmware images are very rarely available for analysis, often making black-box testing the only viable analysis option.

In this talk, I will discuss the challenges of applying traditional testing methods, such as fuzzing, in the IoT domain, and I will present novel techniques and tools we developed for the automated discovery and analysis of security vulnerabilities in IoT devices. After an overview of our high-level approach, I will then present a few use cases for effective security testing of embedded devices, such as for identifying vulnerable update mechanisms and auditing trusted execution environments. Finally, I will show the results of our research, draw conclusions on the state of security of the IoT ecosystem, and highlight directions for future research.
