Title
Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution
Abstract
With the rapid proliferation of IoT devices, we have witnessed increasing security breaches targeting them. To address this, considerable attention has been drawn to vulnerability discovery in IoT firmware. However, in contrast to traditional firmware bugs/vulnerabilities (e.g. memory corruption), the privilege separation model in IoT firmware has not yet been systematically investigated. In this paper, we conducted an in-depth security analysis of the privilege separation model of IoT firmware and identified a previously unknown vulnerability, which we call the privilege separation vulnerability. By combining loading information extraction, library function recognition and symbolic execution, we developed Gerbil, a firmware-analysis-specific extension of the Angr binary analysis framework, to effectively identify privilege separation vulnerabilities in IoT firmware. So far, we have evaluated Gerbil on 106 real-world IoT firmware images (100 of which are bare-metal and RTOS-based device firmware). Gerbil has successfully detected privilege separation vulnerabilities in 69 of them. We have also verified and exploited the privilege separation vulnerabilities in several popular smart devices, including the Xiaomi smart gateway, the Changdi smart oven and the TP-Link smart WiFi plug. Our research demonstrates that an attacker can leverage the privilege separation vulnerability to launch a broader spectrum of attacks, such as malicious firmware replacement and denial of service.
Year: 2019
DOI: 10.1007/978-3-030-29959-0_31
Venue: COMPUTER SECURITY - ESORICS 2019, PT I
Keywords: Internet of Things, Firmware analysis, Privilege separation
DocType: Conference
Volume: 11735
ISSN: 0302-9743
Citations: 1
PageRank: 0.35
References: 0
Authors: 6
Name            Order   Citations   PageRank
Yao Yao         1       3           1.05
Wei Zhou        2       15          2.92
Jia Yan         3       167         20.78
lipeng zhu      4       174         14.48
Peng Liu        5       1701        171.49
Yuqing Zhang    6       5           3.12