The Various Facets of IoT Firmware Analysis

1

The Various Facets of IoT Firmware Analysis
2
The Various Facets of IoT Firmware Analysis

• Firmware is a code or software on the device that
  allows and enables the device to perform various
  tasks. The most common architectures for IoT
  devices are ARM and MIPS.
• Firmware provides the necessary instructions on
  how to communicate with hardware. Firmware is
  held in non-volatile memory devices such as ROM,
  EPROM, EEPROM, and code running on embedded
  devices.
• Updates to Firmware Firmware updates are often
  pushed to fix bugs, roll out new features, or
  improve security.
• Can happen automatically
• May need to be done manually
• What Is an IOT Device?
• A "non-standard" device linked to the internet is
  referred to as a "non-standard" device. Usually,
  they contain an embedded OS (firmware) and some
  way to interface with them. May have embedded
  sensors and can send, collect, and exchange data.
  
• Examples include Security Cameras, Smart Home
  Devices-outlets, light switches, etc., Raspberry
  Pis, Connected Appliances-washers, dryers,
  ovens, etc., Wireless Routers-Linksys, D-Link,
  ASUS, etc., Wearables -Apple Watch, Pedometers,
  heart monitors, Autonomous ag equipment and cars,
  and Connected Appliances-washers, dryers, ovens,
  etc.

3
The Various Facets of IoT Firmware Analysis

• Static Versus Dynamic Analysis
• Static looks at the firmware while it is not in
  operation
• Analyze filesystem
• Inspect bootloader
• Looks for hard-coded items
• Use tools such as Firmadyne, Binwalk, Firmwalker
  etc
• Dynamic looks at it while in operation
• Need to have device on and have access to it
• Also have the option to virtualize the IoT device
• Use pentest type tools like nmap, Metasploit etc
• Interesting right?
• Want to know more on this topic
  https//bit.ly/3AFQ7R8

4