1,534 Hits in 6.1 sec

From prey to hunter

Ang Cui, Jatin Kataria, Salvatore J. Stofo
2011 Proceedings of the 27th Annual Computer Security Applications Conference on - ACSAC '11  
We devised a method of augmenting legacy embedded devices, like Cisco routers, with host-based defenses in order to create a stealthy, embedded sensor-grid capable of monitoring and capturing real-world  ...  of detecting and capturing successful attacks against itself for analysis.  ...  of host-based defenses within closesource embedded device firmwares.  ... 
doi:10.1145/2076732.2076788 dblp:conf/acsac/CuiKS11 fatcat:2ykyvfyec5bvpmrixvp7urw5qi

Cutting Through the Complexity of Reverse Engineering Embedded Devices

Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, Flavio D. Garcia
2021 Transactions on Cryptographic Hardware and Embedded Systems  
Performing security analysis of embedded devices is a challenging task.  ...  Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices.  ...  State-of-the-art tools provide limited support for embedded architectures resulting in disassembly errors that propagate through the analysis process. 2.  ... 
doi:10.46586/tches.v2021.i3.360-389 fatcat:hrw6z3dfw5bxndoxeye53rphkq

Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices

Wei Xie, Jiongyi Chen, Zhenhua Wang, Chao Feng, Enze Wang, Yifei Gao, Baosheng Wang, Kai Lu
2022 Proceedings of the ACM Web Conference 2022  
Specifically, IoTScope constructs probing requests through firmware analysis to test physical devices, and narrows down the scope of identification by filtering out irrelevant requests and interfaces through  ...  An important target of such attacks is the hidden interface of embedded web applications, which employs no protection but exposes security-critical actions and sensitive information to illegitimate users  ...  In particular, we extract filenames and pathnames through static firmware analysis to construct probing requests.  ... 
doi:10.1145/3485447.3512213 fatcat:smvdkjtfmza6ximtxnlr3ysqye


Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin R.B. Butler
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
We also successfully find malicious activity in embedded 8051 firmwares without the use of source code.  ...  This work introduces FirmUSB, a USB-specific firmware analysis framework that uses domain knowledge of the USB protocol to examine firmware images and determine the activity that they can produce.  ...  ACKNOWLEDGMENTS This work is supported in part by the US National Science Foundation under grant CNS-1254017.  ... 
doi:10.1145/3133956.3134050 dblp:conf/ccs/HernandezFTYB17 fatcat:egqo62ulcbhj7ghwdbrc5rohjm

EWVHunter: Grey-Box Fuzzing with Knowledge Guide on Embedded Web Front-Ends

Enze Wang, Baosheng Wang, Wei Xie, Zhenhua Wang, Zhenhao Luo, Tai Yue
2020 Applied Sciences  
The key idea in this paper is based on the observation that most embedded devices are controlled through the web front-end.  ...  and (3) the conditional constraints of programs in the device reduce the depth and breadth of fuzz testing.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/app10114015 fatcat:jtnjrq2p7nar7pi4adxcikuvjm

A first empirical look on internet-scale exploitations of IoT devices

Mario Galluscio, Nataliia Neshenko, Elias Bou-Harb, Yongliang Huang, Nasir Ghani, Jorge Crichigno, Georges Kaddoum
2017 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC)  
While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought.  ...  Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT).  ...  Moreover, poorly designed devices can quickly be recruited into malicious botnets by allowing the execution of arbitrary commands or re-programming of device firmwares [10] .  ... 
doi:10.1109/pimrc.2017.8292628 dblp:conf/pimrc/GalluscioNBHGCK17 fatcat:k4r6vkftbba55ffztmnrl5ncfi

From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware [article]

Wenqiang Li, Le Guan, Jingqiang Lin, Jiameng Shi, Fengjun Li
2021 arXiv   pre-print
To demonstrate the superiority of our approach in terms of security testing, we used off-the-shelf dynamic analysis tools (AFL and ASAN) against the rehosted programs and discovered 28 previously-unknown  ...  However, ad-hoc re-hosting is a daunting and tedious task and subject to many issues (library-dependence, kernel-dependence and hardware-dependence).  ...  The work reported in this paper was supported in part by JFSG from the University of Georgia Research Foundation, Inc., NSF IIS-2014552, DGE-1565570, NSA Science of Security Initiative H98230-18-D-0009  ... 
arXiv:2107.12867v1 fatcat:y2xpjkggyvfdjfbt4epsu2knmq

Secure LoRa Firmware Update with Adaptive Data Rate Techniques

Derek Heeger, Maeve Garigan, Eirini Eleni Tsiropoulou, Jim Plusquellic
2021 Sensors  
Internet of Things (IoT) devices rely upon remote firmware updates to fix bugs, update embedded algorithms, and make security enhancements.  ...  A malicious actor could attempt to steal the firmware to gain access to embedded algorithms or enable faulty behavior by injecting their own code into the device.  ...  International, Inc., for the U.S.  ... 
doi:10.3390/s21072384 pmid:33808160 fatcat:5fcfrh7jgvcg5jrkwmye7agbe4

Uncovering Security Vulnerabilities in the Belkin WeMo Home Automation Ecosystem

Haoyu Liu, Tom Spink, Paul Patras
2019 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)  
In this paper, we demonstrate that this is also the case of home automation applications, as we uncover a set of previously undocumented security issues in the Belkin WeMo ecosystems.  ...  The popularity of smart home devices is growing as consumers begin to recognize their potential to improve the quality of domestic life.  ...  Using OpenWrt as the embedded system greatly decreases the cost of development, and to some degree guarantees the security of the devices, in part due to regular firmware updates.  ... 
doi:10.1109/percomw.2019.8730685 dblp:conf/percom/LiuSP19 fatcat:r2bqauaokbhyljnnalonwi3ro4

One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization [article]

Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, Jean-Pierre Seifert
2021 arXiv   pre-print
The VCEK binds the endorsement keys to the firmware version of TCB components relevant for SEV.  ...  access to the target host.  ...  To re-import a VM, a MA on the target host can re-create the VM using the guest context and the encrypted guest memory.  ... 
arXiv:2108.04575v4 fatcat:zmj2cww5dzb4djki5jzckbgfhm

RobotCore: An Open Architecture for Hardware Acceleration in ROS 2 [article]

Víctor Mayoral-Vilches, Sabrina M. Neuman, Brian Plancher, Vijay Janapa Reddi
2022 arXiv   pre-print
It builds on top of the common ROS 2 build system and tools and is easily portable across different research and commercial solutions through a new firmware layer.  ...  However, the diversity of acceleration options makes it difficult for roboticists to easily deploy accelerated systems without expertise in each specific hardware platform.  ...  Based on the benchmarking analysis, we demonstrate two novel separate paths toward hardware acceleration: (1) kernel fusion, and (2) improved message passing.  ... 
arXiv:2205.03929v1 fatcat:2thq37opavgqjjuwcdspv3hf4m

Evaluating Industrial Control Devices Security: Standards, Technologies and Challenges [chapter]

Feng Xie, Yong Peng, Wei Zhao, Yang Gao, Xuefeng Han
2014 Lecture Notes in Computer Science  
Finally, this paper discussed the challenges facing us in evaluation of industrial control devices.  ...  Cyber security for industrial automation and control systems has been a much discussed topic in recent years. Security evaluation of industrial control devices has been gaining rising attention.  ...  It is a good approach to attack a control device by means of exploiting the known vulnerability in the operating system of the device. ─ Firmware analysis.  ... 
doi:10.1007/978-3-662-45237-0_57 fatcat:2yyw57gc3fgoxluddft7nxtpc4

MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions [article]

Omar Adel Ibrahim, Savio Sciancalepore, Gabriele Oligeri, Roberto Di Pietro
2020 arXiv   pre-print
To thwart the above-cited raising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of  ...  However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices.  ...  The findings achieved herein are solely the responsibility of the authors.  ... 
arXiv:2002.05905v3 fatcat:7fesxg72onacrfl4mthnhhuqsy

ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels [article]

Muhui Jiang, Lin Ma, Yajin Zhou, Qiang Liu, Cen Zhang, Zhi Wang, Xiapu Luo, Lei Wu, Kui Ren
2021 arXiv   pre-print
However, it is challenging to run firmware images of embedded devices in QEMU, especially theprocess to boot the Linux kernel (we call this process rehosting the Linux kernel in this paper.)  ...  ., kernel crash analysis, rootkit forensic analysis, and kernel fuzzing, based on the rehosted kernels to demonstrate the usage scenarios of ECMO.  ...  Conclusion In this work, we propose a novel technique named peripheral transplantation to rehost the Linux kernel of embedded devices in QEMU.  ... 
arXiv:2105.14295v1 fatcat:jfoqslyzcrfcxhsdybgjjo7au4

A Rapid Prototyping Platform for Wireless Medium Access Control Protocols

Dean A. Armstrong, Murray W. Pearson
2007 2007 IEEE International Conf. on Application-specific Systems, Architectures and Processors (ASAP)  
The hardware architecture along with supporting firmware and software provides for a short design cycle in implementation of custom MAC protocols, and a large degree of flexibility in hardware/software  ...  Substantial research effort has been and continues to be invested into the study of existing protocols and the development of new and specialised ones, however researchers are restricted in their studies  ...  Though focus here is on the hardware and firmware architecture, the complete system provides support at all stages of the design cycle from initial specification using formal techniques, through automated  ... 
doi:10.1109/asap.2007.4459297 dblp:conf/asap/ArmstrongP07 fatcat:u2ohxyh5y5c5bc63ttj3ngfu7u
« Previous Showing results 1 — 15 out of 1,534 results