Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale
media.ccc.de via YouTube
Master Production-Ready Machine Learning, Step by Step
Lead AI Strategy with UCSB's Agentic AI Program — Microsoft Certified
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the intricacies of identifying multi-binary vulnerabilities in embedded firmware at scale in this 37-minute conference talk from the 36th Chaos Communication Congress. Delve into the challenges of analyzing hardware-dependent software on low-power, single-purpose embedded devices like routers and IoT systems. Learn about Karonte, a novel static analysis tool that models and tracks multi-binary interactions to detect insecure, attacker-controlled vulnerabilities. Discover the results of experiments on 53 firmware samples from various vendors, leading to the discovery of 46 zero-day bugs. Gain insights from a large-scale experiment on 899 different samples, demonstrating Karonte's scalability and effectiveness in analyzing real-world firmware. Watch a demonstration of the tool in action, showcasing its ability to detect previously unknown vulnerabilities.
Syllabus
Introduction
Overview of IoT
Why is it hard to secure IoT
Firmware design
Interprocess communication
Environment variable
Unpacking
CPS
BDG
Static Link
Results
Running current
Summary
Taught by
media.ccc.de