Because embedded systems are present in practically all modern devices, embedded software is an attractive target for hackers. Embedded devices are severely constrained in the amount of code they can run, and upgrading security configurations after release is sometimes impossible, so securing embedded software requires specialist development skills. Moreover, owing to the security needs of ICS/SCADA environments and the rise of the Internet of Things (IoT), vulnerability assessment of embedded systems is becoming increasingly critical. Hardware, firmware, network and cloud connectivity, and applications are all sources of security risk for IoT devices and ecosystems.
Firmware is a small piece of software that makes hardware work as its manufacturer intended. It provides the instructions for how the device communicates with the other computer hardware. When it comes to security testing, examining the firmware can offer a lot of useful information. Firmware can be obtained in a variety of ways; the most common and easiest are as follows:
• Download from the vendor website: if the vendor allows direct download over the internet.
• Capture it using Wireshark: collect all network traffic while the embedded device is upgrading its firmware.
• Dump the flash memory: read the EEPROM chip in-circuit without desoldering it, extract the firmware via JTAG, or desolder the flash IC from the circuit board and read it directly.
Embedded systems' software is a frequent target for hackers because of its extensive use. To take control of devices or steal the data they collect, cybercriminals look for both well-known and zero-day vulnerabilities in embedded software code. Firmware testing is therefore of great importance for protecting embedded devices from software-level attacks, network-based attacks, and side-channel attacks. Testing firmware with various open-source tools answers questions such as the following:
• Do the firmware images contain cryptographic key material?
• Are there any hard-coded login credentials?
• Is it possible for an attacker to gain access to the configuration files?
• Are private keys and certificates accessible?
• Do the findings include any miscellaneous binaries or third-party software/libraries?
• Which executables has the analysis extracted from the firmware images?
• Are there any hard-coded IP addresses or email addresses?
• Are there any hard-coded URLs?
• Which OS versions power the devices, and how old are they?
• Are there any hidden backdoors that can lead to further vulnerabilities?
• Are obsolete functions used in the embedded software?
• Do buffer overflow flaws exist in the extracted firmware binary image?
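Several of the checklist items above (key material, hard-coded credentials, private keys and certificates, IP addresses, email addresses, URLs) can be checked mechanically once a firmware image has been unpacked into a filesystem. The script below is an added example written for this page, not FEAST's code or that of any tool named here; its regexes, file paths and file contents are constructed assumptions, and secrets are masked so the report does not leak them.

```python
import re
from typing import Dict, List, Tuple

# Patterns for several checklist items above (keys, certificates, credentials,
# IP addresses, e-mail addresses, URLs). These regexes are assumptions made for
# this example, not rules taken from FEAST or any other tool named on the page.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "certificate": re.compile(r"-----BEGIN CERTIFICATE-----"),
    "shadow_hash": re.compile(r"^[A-Za-z0-9_-]+:\$[0-9a-z]+\$[^:\n]+:", re.M),
    "credential": re.compile(r"(?i)\b(?:passw(?:or)?d|secret|api[_-]?key)\s*[=:]\s*['\"]?([^\s'\"]+)"),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "url": re.compile(r"\bhttps?://[^\s'\"<>]+"),
}

def mask(value: str) -> str:
    """Keep only a hint of a secret so the assessment report does not leak it."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def scan_firmware_tree(files: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Scan an unpacked filesystem (path -> raw file bytes) and return
    (path, category, evidence) findings. Binaries are decoded with errors
    ignored, so printable strings embedded in ELF files are still inspected."""
    findings: List[Tuple[str, str, str]] = []
    for path, data in files.items():
        text = data.decode("utf-8", errors="ignore")
        for category, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                evidence = m.group(1) if m.groups() else m.group(0)
                if category in ("credential", "shadow_hash"):
                    evidence = mask(evidence)
                findings.append((path, category, evidence))
    return findings

# Constructed sample of an unpacked firmware tree; no real device or vendor.
SAMPLE_TREE = {
    "/etc/shadow": b"root:$1$abcdefgh$ijklmnopqrstuvwxyz:18000:0:99999:7:::\n",
    "/etc/ssl/device.key": b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
    "/etc/cloud.conf": b"api_key=EXAMPLE12345\nupdate_url=http://updates.example.net/fw.bin\n",
    "/usr/bin/agent": b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"ntp=10.0.0.5\x00support@example.net\x00",
}

if __name__ == "__main__":
    for path, category, evidence in scan_firmware_tree(SAMPLE_TREE):
        print(f"{category:12} {path:22} {evidence}")
```

Running it against a real unpacked image means walking the extracted root with `os.walk` and feeding each file's bytes into `scan_firmware_tree`; the regex set is a starting point to extend, not a complete rule base.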
To meet the needs of vulnerability assessment of embedded devices, here at NCSAEL we have developed an indigenous toolkit, FEAST, that extracts the firmware of various IoT devices, unpacks the firmware binary images (obfuscated and encrypted ones included), and analyzes their security status by searching for the potential vulnerabilities they carry. The toolkit has the following benefits:
• Robust Security Assessment
• Cost Effective Solution
• Time and Resource Efficient
• Support for Multiple Vendors/Products
• Enhanced Filesystem Support
• Detailed Report Generation
• Unified Solution for Sensitive Organizations
Constructing software for embedded systems is a difficult task. A developer must provide all essential functionality while also accommodating numerous device restrictions and safeguarding the software against attacks. Threats can come from a variety of sources and channels, making it difficult to fit protection against all of them onto a microprocessor with limited memory. It is therefore of great importance to carry out vulnerability assessment of embedded device firmware to establish its security status. Moreover, the results guide the addition of new security features to later software versions to counter new kinds of attacks or to fix a vulnerability.