Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution

Yao, Yao; Wei, Zhou; Jia, Yan; Zhu, Lipeng; Liu, Peng; Zhang, Yuqing

doi:10.1007/978-3-030-29959-0_31

Cited by 22 publications

(14 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gerbil [144] is a binary analysis framework to identify privilege separation vulnerabilities. First, it extracts the loading information from IoT firmware to know which MCU model is used in this firmware.…”

Section: Firmware Analysismentioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.

show abstract

Section: Firmware Analysismentioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Fig. 1 shows a typical IoT communication system based on our experiments and previous researches [13], [14], [16], [17]. The system consists of three components, an IoT device, a controller and a cloud server.…”

Section: A Architecture Of An Iot Systemmentioning

confidence: 99%

On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

Liu

Yang

Ling

et al. 2020

Preprint

View full text Add to dashboard Cite

IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this paper, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. As an example, we present a detailed use of the framework reverse-engineering the WeMo smart plug communication protocol by extracting the firmware from the flash, performing static and dynamic analysis of the firmware and analyzing network traffic. The discovered protocol exposes severe design flaws that allow attackers to control or deny the service of victim plugs. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.

show abstract

“…As shown in Figure 5, a legitimate user is the ownership of a smart lock with the device ID A, and an attacker owns another IoT device with the device ID B. At this point, if the attacker has access to the same local network with the user's device, he is able to send a set_device_id command to the smart lock, changing the device ID of the smart lock from A to B which has been bound with the attacker's account as revealed in recent research [24].…”

Section: Bug 6: Privilege Separation Logic Bugs In Iot Firmwarementioning

confidence: 99%

“…Thus, the local attackers are able to perform some remote sensitive command C (e.g., setting device ID or unbinding the devices) which should only be sent by cloud. Such unexpected execution paths are called privilege separation vulnerabilities in paper [24]. D. Identifying Method.…”

Section: Bug 6: Privilege Separation Logic Bugs In Iot Firmwarementioning

confidence: 99%

“…Based on the root cause of the attack, the key to identify privilege separation vulnerabilities is to identify the over-privileged common functions which will be used for performing one command but could be invoked by different interactive entities. Yao et al [24] developed a useful tool to identify the over-privileged common function according to the path constraints generated by symbolic execution.…”

Section: Bug 6: Privilege Separation Logic Bugs In Iot Firmwarementioning

confidence: 99%

See 1 more Smart Citation

Logic Bugs in IoT Platforms and Systems: A Review

Wei¹,

Cao²,

Huo³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

In recent years, IoT platforms and systems have been rapidly emerging. Although IoT is a new technology, new does not mean simpler (than existing networked systems). Contrarily, the complexity (of IoT platforms and systems) is actually being increased in terms of the interactions between the physical world and cyberspace. The increased complexity indeed results in new vulnerabilities. This paper seeks to provide a review of the recently discovered logic bugs that are specific to IoT platforms and systems. In particular, 17 logic bugs and one weakness falling into seven categories of vulnerabilities are reviewed in this survey.

show abstract

Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution

Cited by 22 publications

References 16 publications

A Survey on Recent Advanced Research of CPS Security

A Survey on Recent Advanced Research of CPS Security

On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

Logic Bugs in IoT Platforms and Systems: A Review

Contact Info

Product

Resources

About