PANDORA: A Scalable and Efficient Scheme to Extract Version of Binaries in IoT Firmwares
Abstract
Open source components are widely used by IoT vendors to develop device firmware. The exposure of vulnerabilities in specific versions of core components may cause severe security incidents, such as the Heartbleed event in 2014 and the Sambacry event in 2016. Extracting version information from firmware binaries is important for evaluating the impact of such incidents and providing emergency response services. To the best of our knowledge, there are still no scalable and efficient methods for extracting binary version information from IoT firmware. The method commonly used for traditional software requires running the firmware and interacting with it, for example by passing '-version', to obtain the version information. This method is not applicable to IoT devices, because they are built on various platforms, which makes it impossible to simulate all firmware of interest at large scale. In this paper, we design, implement and evaluate a scalable and efficient binary version extraction framework (termed PANDORA) for IoT firmware, which does not rely on a real runtime environment. The main idea of our methodology is to leverage version strings in binaries to obtain version information. We design a string recover engine (SRE) to recover the missing pieces of incomplete version strings. We test PANDORA on a dataset containing 2683 IoT binary files. Surprisingly, 2267 of them are version-extractable, and the recognition rate can reach 84.5%.
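The static idea in the abstract, reading version strings out of a binary without executing it, can be sketched as follows. This is an added example, not PANDORA's code or its SRE: the regular expressions, the three output categories and the sample blob are assumptions made here, including the reading of an "incomplete" version string as a format string whose version is filled in at run time.

```python
import re

# Runs of 4+ printable ASCII bytes, the heuristic strings(1) uses.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
# Dotted version such as 1.0.1f or 4.5.9 (optional letter suffix).
VERSION = re.compile(r"\b\d+\.\d+(?:\.\d+)*[a-z]?\b")
# printf-style placeholder next to the word "version".
PLACEHOLDER = re.compile(r"%(?:\d+\$)?[sdu]")
KEYWORD = re.compile(r"version", re.IGNORECASE)


def printable_strings(blob):
    """Return every printable ASCII run found in the raw bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(blob)]


def classify(blob):
    """Split candidate strings into three groups:
    complete   - (string, version): a name followed by a literal version
    incomplete - format strings whose version is only known at run time
    bare       - version literals with no component name attached
    """
    complete, incomplete, bare = [], [], []
    for s in printable_strings(blob):
        m = VERSION.search(s)
        if m and re.search(r"[A-Za-z]", s[:m.start()]):
            complete.append((s, m.group()))
        elif m:
            bare.append(m.group())
        elif PLACEHOLDER.search(s) and KEYWORD.search(s):
            incomplete.append(s)
    return complete, incomplete, bare


# Constructed sample: a fake binary image with NUL-separated strings.
SAMPLE = (
    b"\x7fELF\x01\x01\x00" + b"\x00" * 8
    + b"OpenSSL 1.0.1f 6 Jan 2014\x00"
    + b"\x13\x37\x00"
    + b"Samba version %s\x00"
    + b"4.5.9\x00"
    + b"/lib/ld-uClibc.so.0\x00"
    + b"\xff\xfe"
)

if __name__ == "__main__":
    for group in classify(SAMPLE):
        print(group)
```

The incomplete and bare groups are the cases where plain string matching cannot tie a version to a component by itself.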