The Automation of Firmware-Analysis for IoT-Devices

Abstract

The advances in information technology gave us the possibility of networking components, which today is grouped under the term Internet of Things. The security of operating systems of such devices is being tested today by many isolated tools. A security check therefore consists of chained individual steps, which must be performed manually by the tester. There are hardly any freely available and free programs, which automates this sequence. For this reason, I have decided to develop a own freely available firmware scanner. A freely available scanner could be beneficial to the entire IT security industry, as interested IT security firms do not have to invest heavily in development. I was able to develop two Python-tools which could automate a huge part of this analysis. These tools can be used for dynamic- and static analysis of firmware.

Outline

At first, I´d like to talk about why Firmware-Security is so important today. After that I´m going to show some methods, how a firmware-analysis can be done (reversing, searching for important files, emulation, etc.). I want to finish the talk with a presentation of my Firmware-Analyzer. This tool is able to reverse a lot of firmwares, to check for any encryption of the image and to search for important files, etc. This presentation will be done with Powerpoint and Live-Examples.

Alexander Poth

I´m a bachelor-student of Industrial Engineering and will hold my degree in March 2019. Right now, I´m doing my bachelor thesis about a self-made tool to automate firmware-analysis. I´m doing this in cooperation with Eurofins Cybersec GmbH. Since February 2018, I´m a student employee for Penetration Testing. I will be employed as Junior-Penetration-Tester in March 2019. Before 2018, I was working as a technician for machine tools at BMW but I was a computer kid my whole life.