ARGUS: Assessing Unpatched Vulnerable Devices on the Internet via Efficient Firmware Recognition

ARGUS: Assessing Unpatched Vulnerable Devices on the Internet via Efficient Firmware Recognition

연구 분야: Infrastructure

학회: ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Assessing unpatched devices affected by a specified vulnerability is a vital but unsolved issue. Using a proof-of-concept tool on the Internet is illegal, while identifying vulnerable device models and firmware versions via fingerprints is a safer method. However, device search engines such as Shodan do not claim to accurately identify device models or versions, and existing works on firmware online recognition neglect the efficiency challenge of scanning redundant fingerprints. Consequently, this fingerprint-checking method has few real-world verifications on the Internet. We propose ARGUS, a simple but practical framework to identify device models and firmware versions. At its core is a heuristic fingerprint crush saga (FCS) scheme inspired by the phone game "Candy Crush Saga". It can improve efficiency by an average of 156 times compared to scanning fingerprints of all web files by default. This efficiency improvement enables us to widely assess the proportion of unpatched devices affected by 176 CVE vulnerabilities, which is 64.3% on average on the Internet. This result quantitatively proves that the majority of users do not periodically update device firmware.