Home / Series / Chaos Communication Congress / Aired Order / Season 36 / Episode 66

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure, which led to the development of an IoT-specific cybercrime underground. Unfortunately, the software on these systems is hardware-dependent, and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Moreover, most of the existing devices implement their functionality through the use of multiple binaries. This multi-binary service implementation renders current static and dynamic analysis techniques either ineffective or inefficient, as they are unable to identify and adequately model the communication between the various executables.

English
  • Originally Aired December 28, 2019
  • Runtime 40 minutes
  • Production Code 10891
  • Created December 28, 2019 by
    Administrator admin
  • Modified December 28, 2019 by
    Administrator admin