Abstract
Embedded Linux devices are very popular today, and due to their simple implementation they have become ubiquitous in our daily lives. Manufacturers provide firmware updates online to enhance the software security and quality of their products. In this context, software updates and firmware versions represent an enormous potential for security analysts to perform vulnerability analyses, because no real device is needed to gain valuable insights into systems. Previous solutions show the enormous advantages of automatically performing vulnerability research, but do not correlate program versions with ‘Common Vulnerabilities and Exposures’ (CVE) entries. Our solution provides a remote debugging interface to analyse extracted programs.
Therefore, in this paper we present XOR, an expandable web application framework which supports the manual reverse engineering process of embedded Linux firmware images. In addition, an internal correlation database offers valuable insights for further research. XOR's features detect system services, provide a remote debugging interface and allow the correlation of program versions with CVE entries. We analysed 47 firmware images from 20 different vendors and found 487 related CVE entries.
© 2019 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Vorhauer, C., Gebeshuber, K. (2019). XOR. In: Auer, M., Langmann, R. (eds) Smart Industry & Smart Education. REV 2018. Lecture Notes in Networks and Systems, vol 47. Springer, Cham. https://doi.org/10.1007/978-3-319-95678-7_42
DOI: https://doi.org/10.1007/978-3-319-95678-7_42
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95677-0
Online ISBN: 978-3-319-95678-7
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)