Research field: Analysis
Conference: 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Device-cloud interfaces are a critical component of IoT given their centrality of the cloud-side control over the connected devices, which has attracted an increasing number of attacks exploiting their access control. Regrettably, there is a lack of techniques to facilitate the examination of such a critical interface, primarily hindered by the challenges of dynamic firmware analysis to reconstruct device-cloud messages and generate testing cues. This paper presents FIRMRES, a principled static approach that automatically reconstructs device-cloud messages by modeling message construction semantics in IoT firmware. At the center of FIRMRES is a message field tree which is formed of the backward data flows from message delivery callsites to the potential sources of message fields. By walking through, transforming, and contextual learning from this tree, device-cloud messages are automatically reconstructed and a set of semantics during “message construction” such as the message format, the field semantics, and the order of the fields are inferred. Facilitated with the messages reconstructed by FIRMRES, we were able to manually examine the access control of device-cloud interfaces. FIRMRES reconstructed 246 effective messages from the firmware of 20 IoT devices, leading to the discovery of 13 previously-unknown vulnerabilities in their clouds.
| Publication year | 2024 |
|---|---|
| Citations | 1 |
| Country of publication | Andorra |
| Site | IEEE |
| Likes | 0 |