research-article

FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware

Published: 19 March 2018

Abstract

We present a static, precise, and scalable technique for finding CVEs (Common Vulnerabilities and Exposures) in stripped firmware images. Our technique is able to efficiently find vulnerabilities in real-world firmware with high accuracy. Given a vulnerable procedure in an executable binary and a firmware image containing multiple stripped binaries, our goal is to detect possible occurrences of the vulnerable procedure in the firmware image. Due to the variety of architectures and unique tool chains used by vendors, as well as the highly customized nature of firmware, identifying procedures in stripped firmware is extremely challenging. Vulnerability detection requires not only pairwise similarity between procedures but also information about the relationships between procedures in the surrounding executable. This observation serves as the foundation for a novel technique that establishes a partial correspondence between procedures in the two binaries. We implemented our technique in a tool called FirmUp and performed an extensive evaluation over 40 million procedures, over 4 different prevalent architectures, crawled from public vendor firmware images. We discovered 373 vulnerabilities affecting publicly available firmware, 147 of them in the latest available firmware version for the device. A thorough comparison of FirmUp to previous methods shows that it accurately and effectively finds vulnerabilities in firmware, while outperforming the detection rate of the state of the art by 45% on average.
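The abstract's central observation is that matching a known vulnerable procedure against a stripped firmware image cannot rely on pairwise body similarity alone; the relationships a procedure has with its surrounding executable (here, its callees) must be brought in. The toy below, an added illustration that is not FirmUp's algorithm or code, makes that point concrete on constructed data: procedures are modelled as bags of normalised mnemonics plus callee ids, a pairwise-only ranking picks an unrelated procedure whose instruction mix happens to be identical, and a score that also checks whether the candidate's callees mirror the reference's callees recovers the true occurrence. All procedure names, feature choices and weights are assumptions made for the example.

```python
from collections import Counter

# Constructed toy data (not a real binary): a "reference" binary containing the
# known vulnerable procedure and its callees, and a "firmware" image with
# candidate procedures. Each procedure is a bag of normalised mnemonics (what
# survives stripping) plus the ids of the procedures it calls.
REFERENCE = {
    "vuln":     {"ops": Counter(ldr=4, str=2, cmp=2, bne=2, bl=2), "calls": {"helper_a", "helper_b"}},
    "helper_a": {"ops": Counter(ldr=2, add=1, str=1, bx=1),        "calls": set()},
    "helper_b": {"ops": Counter(mov=2, sub=1, cmp=1, beq=1, bx=1), "calls": set()},
}
FIRMWARE = {
    # p1: the true occurrence, built with a slightly different toolchain
    "p1": {"ops": Counter(ldr=3, mov=1, str=2, cmp=2, bne=2, bl=2), "calls": {"p3", "p4"}},
    # p2: an unrelated procedure whose instruction mix is identical to vuln's
    "p2": {"ops": Counter(ldr=4, str=2, cmp=2, bne=2, bl=2),        "calls": {"p5"}},
    "p3": {"ops": Counter(ldr=2, add=1, str=1, bx=1),               "calls": set()},
    "p4": {"ops": Counter(mov=2, sub=1, cmp=1, beq=1, bx=1),        "calls": set()},
    "p5": {"ops": Counter(push=1, pop=1, bl=3),                     "calls": set()},
}


def weighted_jaccard(a: Counter, b: Counter) -> float:
    """Bag similarity in [0, 1]: sum of per-mnemonic minima over per-mnemonic maxima."""
    keys = set(a) | set(b)
    num = sum(min(a[k], b[k]) for k in keys)
    den = sum(max(a[k], b[k]) for k in keys)
    return num / den if den else 0.0


def pairwise_scores(ref: dict, ref_id: str, fw: dict) -> dict:
    """Score every firmware procedure against ref[ref_id] by body similarity only."""
    return {fid: weighted_jaccard(ref[ref_id]["ops"], f["ops"]) for fid, f in fw.items()}


def context_score(ref: dict, ref_id: str, fw: dict, fw_id: str) -> float:
    """How well the callees of ref_id are mirrored among the callees of fw_id:
    each reference callee takes its best-matching firmware callee; average them.
    A candidate with no callees cannot mirror anything and scores 0 (a toy choice)."""
    ref_callees = ref[ref_id]["calls"]
    fw_callees = fw[fw_id]["calls"]
    if not ref_callees or not fw_callees:
        return 0.0
    best = [max(weighted_jaccard(ref[r]["ops"], fw[f]["ops"]) for f in fw_callees)
            for r in ref_callees]
    return sum(best) / len(best)


def combined_scores(ref: dict, ref_id: str, fw: dict, w_context: float = 0.5) -> dict:
    """Blend body similarity with callee-context agreement (weight is an assumption)."""
    pw = pairwise_scores(ref, ref_id, fw)
    return {fid: (1 - w_context) * pw[fid] + w_context * context_score(ref, ref_id, fw, fid)
            for fid in fw}


def best_match(scores: dict) -> str:
    """Id of the highest-scoring firmware procedure."""
    return max(scores, key=scores.get)


if __name__ == "__main__":
    pw = pairwise_scores(REFERENCE, "vuln", FIRMWARE)
    cb = combined_scores(REFERENCE, "vuln", FIRMWARE)
    print("pairwise only ->", best_match(pw), {k: round(v, 3) for k, v in pw.items()})
    print("with context  ->", best_match(cb), {k: round(v, 3) for k, v in cb.items()})
```

Pairwise similarity ties or favours p2, the look-alike with the wrong neighbourhood; once callee agreement is scored, p1 wins because its callees match helper_a and helper_b exactly. The same mechanism is what lets a detector tolerate toolchain-induced drift in the body (p1 is not byte-identical to vuln) without accepting an unrelated clone.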

