A Vulnerability Scanning Method for Web Services in Embedded Firmware
Published: 2024-03-12
Applied Sciences, Volume 14, Issue 6, Page 2373
ISSN: 2076-3417
Language: en
Authors: Ma Xiaocheng (ORCID), Yan Chenyv, Wang Yunchao, Wei Qiang, Wang Yunfeng
Affiliation: School of Cyberspace Security, Information Engineering University, Zhengzhou 450007, China
Abstract
As the Internet of Things (IoT) era arrives, the proliferation of IoT devices exposed to the Internet presents a significant challenge to device security. Firmware is the software that runs on IoT devices and directly governs their behavior and functionality, so the security of firmware is critical to shielding IoT devices from potential threats. To let users operate a device intuitively, firmware commonly provides a web interface. Consequently, this interface frequently serves as the primary attack target in IoT devices, leaving them susceptible to numerous cyber-attacks. Unfortunately, web services have complex data interactions and implicit dependencies, and it is not easy to balance efficiency and accuracy during analysis, which leads to heavy overhead. This paper proposes a lightweight vulnerability scanning approach, WFinder, designed specifically for embedded firmware web services, which performs vulnerability checks on the backend binary files in firmware. WFinder uses static analysis to focus on identifying vulnerabilities in the boundary binary files related to web services in firmware. Initially, the approach identifies boundary binary files and external data entry points based on front-end and back-end associativity features. Subsequently, rules are formulated to filter hazardous functions, narrowing the analysis targets. Finally, the method generates sensitive call paths from the external data entry points to the hazardous functions and conducts a lightweight taint analysis along these paths to uncover potential vulnerabilities. We implemented a prototype of WFinder and evaluated it on the firmware of ten devices from five well-known manufacturers. We discovered thirteen potential vulnerabilities, eight of which were confirmed by the CNVD and assigned CNVD identification numbers.
Compared with the most advanced tool, SATC, WFinder was more efficient and discovered more bugs on the test set. These results indicate that WFinder is effective at detecting bugs in embedded web services.
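The first three stages the abstract describes (front-end/back-end keyword association to find external data entry points, hazardous-function filtering, and sensitive call-path generation) as an added Python illustration that is not WFinder's code. The HTML fragment, the per-function string references and the call graph are constructed stand-ins for what a disassembler would recover from a backend binary; the final taint-analysis stage along each path is not included.

```python
import re
from collections import deque

# Constructed front-end fragment: its form field names are the keywords a
# backend function must also reference if it parses this request.
FRONT_END_HTML = '<form action="/goform/setWan"><input name="wanIP"><input name="hostname"></form>'

# Constructed stand-in for what a disassembler recovers from a backend binary:
# string literals referenced by each function, and the direct call graph.
BINARY_STRINGS = {"setWan": ["wanIP", "hostname", "Content-Length"],
                  "formSetLed": ["ledMode"], "ping_test": ["host"]}
CALL_GRAPH = {"setWan": ["parse_wan", "log_msg"], "parse_wan": ["apply_wan"],
              "apply_wan": ["system"], "log_msg": ["printf"],
              "formSetLed": ["strcpy"]}
# Hazardous-function filter: the sinks that narrow the analysis targets.
HAZARDOUS = {"system", "popen", "strcpy", "sprintf"}

def front_end_keywords(html):
    """Parameter names the front end submits (the shared keywords)."""
    return set(re.findall(r'name="([^"]+)"', html))

def entry_points(keywords, binary_strings):
    """Backend functions whose strings share a keyword with the front end."""
    return {f: sorted(set(s) & keywords)
            for f, s in binary_strings.items() if set(s) & keywords}

def sensitive_paths(entry, graph, sinks):
    """All simple call paths from an entry point to a hazardous function."""
    paths, queue = [], deque([[entry]])
    while queue:
        path = queue.popleft()
        for callee in graph.get(path[-1], []):
            if callee in sinks:
                paths.append(path + [callee])
            elif callee not in path:  # skip cycles
                queue.append(path + [callee])
    return paths

def scan(html, binary_strings, graph, sinks):
    """Map each entry point to its sensitive paths; drop entries with none."""
    found = entry_points(front_end_keywords(html), binary_strings)
    report = {e: sensitive_paths(e, graph, sinks) for e in found}
    return {e: p for e, p in report.items() if p}

if __name__ == "__main__":
    for entry, paths in scan(FRONT_END_HTML, BINARY_STRINGS, CALL_GRAPH, HAZARDOUS).items():
        for p in paths:
            print(entry, "->", " -> ".join(p[1:]))
```

Note that formSetLed reaches strcpy but is never reported, because no front-end keyword ties it to external input; that is the filtering the entry-point step buys before any taint analysis runs.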
Funder: National Key Research and Development Program of China