
Hacking the Internet of Things, Andrei Costin, andrei@firmware.re



  1. Hacking the Internet of Things Andrei Costin andrei@firmware.re @costinandrei

  2. What I do? Embedded Security Research
     ● 2009 – RFID MiFare Classic (MFCUK)
     ● https://github.com/nfc-tools/mfcuk
     24 Nov 2016 andrei@firmware.re - OverdriveCon

  3. What I do? Embedded Security Research
     ● 2010-2011 – MFP/Printer Security

  4. What I do? Embedded Security Research
     ● 2012 – ADS-B Airplane AirTraffic Security

  5. What I do? Embedded Security Research
     ● 2013 – CCTV/DVR Security
     ● http://www.powerofcommunity.net/poc2013/slide/andrei.pdf
     ● Warned about high population of vulnerable & accessible
     ● Disclosed some backdoor vulnerabilities in CCTV/DVR
       – http://firmware.re/vulns/acsa-2013-009.php
     ● https://github.com/zveriu/cctv-ddns-shodan-censys
     ● Demonstrated 1-2 million CCTV/DVR online

  6. What I do? Embedded Security Research
     ● 2014 – Insecam launched by anonymous

  7. What I do? Embedded Security Research
     ● 2016 – Largest DDoS by... CCTV/DVR

  8. What I do? Embedded Security Research
     ● 2016 – Largest DDoS by... CCTV/DVR

  9. Embedded Devices: EVERYWHERE! (by Wilgengebroed on Flickr [CC-BY-2.0])

  10. Embedded Devices: Smarter, More Complex (by Wilgengebroed on Flickr [CC-BY-2.0])

  11. Embedded Devices: More Interconnected, More WWW (by Wilgengebroed on Flickr [CC-BY-2.0])

  12. Embedded Devices: More Interconnected, More WWW

  13. Observations
     ● By 2014, there were hundreds of thousands of firmware packages (Costin et al., USENIX Security 2014)
     ● By 2014, there were 14 billion Internet-connected objects (Cisco, Internet of Things Connections Counter, 2014)
     ● By 2020, there will be between 20 and 50 billion interconnected IoT/embedded devices (Cisco, The Internet of Everything in Motion, 2013)

  14. Challenges
     ● Large number of devices → Analysis without devices
     ● Large number of firmware files → Scalable architectures
     ● Highly heterogeneous systems → Generic techniques
     ● Increasingly “smart”, “connected” → Focus on web interfaces & APIs
     ● Highly unstructured firmware data → Large dataset classification
     ● Vulnerable devices exposed → Technology-independent device fingerprinting

  15. Challenges and Solutions
     ● Large number of devices → Analysis without devices
     ● Large number of firmware files → Scalable architectures
     ● Highly heterogeneous systems → Generic techniques
     ● Increasingly “smart”, “connected” → Focus on web interfaces & APIs
     ● Highly unstructured firmware data → Large dataset classification
     ● Vulnerable devices exposed → Technology-independent device fingerprinting

  16. Scalable Framework: Dynamic Firmware Analysis

  17. Scalable Framework: Dynamic Firmware Analysis

  18. Scalable Framework: Dynamic Firmware Analysis

  19. Scalable Framework: Dynamic Firmware Analysis

  20. Scalable Framework: Dynamic Firmware Analysis

  21. Scalable Framework: Dynamic Firmware Analysis

  22. Scalable Framework: Dynamic Firmware Analysis

  23. Embedded Devices Emulation: Mind the Scalability/Heterogeneity

  24. Embedded Devices Emulation: Mind the Scalability/Heterogeneity

  25. Embedded Devices Emulation: Mind the Scalability/Heterogeneity

  26. Embedded Devices Emulation: Mind the Scalability/Heterogeneity

  27. Embedded Devices Emulation: Mind the Scalability/Heterogeneity

  28. Embedded Devices Emulation: Some modes are challenging

  29. Embedded Devices Emulation: Some modes are challenging

  30. Embedded Devices Emulation: Some modes are challenging

  31. Embedded Devices Emulation: Some modes are challenging

  32. QEMU System Emulation: Original FW, Generic kernel, Chroot

  33. QEMU System Emulation: Original FW, Generic kernel, Chroot

  34. QEMU System Emulation: Original FW, Generic kernel, Chroot

  35. QEMU System Emulation: Original FW, Generic kernel, Chroot

  36. QEMU System Emulation: Original FW, Generic kernel, Chroot
