Backdoors in firmware can leave IoT devices open to hackers, researchers warn
LAS VEGAS -- As Internet of Things devices proliferate, so too does the software embedded in these devices that enables them to communicate. Errors in this firmware, whether accidental or intentional, could expose sensitive data to hackers, warned researchers from Lastline, a provider of breach and advanced persistent threat detection.
Firmware errors include memory corruption flaws, command injection vulnerabilities, application logic flaws and authentication bypass or backdoors, explained Christopher Kruegel, co-founder and chief scientist at Lastline, during a presentation Thursday at the Black Hat security conference.
Backdoors aren't necessarily malicious. They are often deliberately put into the firmware by the manufacturer to get access to deployed devices for maintenance and upgrades. However, they can be exploited to sidestep the authentication process and gain access to the device.
For security researchers trying to detect a backdoor in firmware, the task can seem overwhelming at times because IoT devices are usually proprietary and the firmware's source code is often not available, Kruegel noted.
To help detect backdoors in firmware, Lastline has developed a tool called Angr, which combines traditional static program analysis, value set analysis and symbolic execution. While the symbolic execution technique is precise, does not result in false positives and produces actionable inputs, it is not scalable, explained Yan Shoshitaishvili, a Lastline researcher and Ph.D. candidate at the University of California, Santa Barbara, where Kruegel teaches.
That is where traditional static analysis comes in. By combining analytic methods, the Angr tool can detect most firmware backdoors, despite the challenges, Shoshitaishvili concluded.