Presented at ShmooCon XV (2019), Jan. 19, 2019, 2 p.m. (60 minutes).
We present data on recent work conducted at CITL concerning embedded devices, IoT, and home routers. This data, generated from an analysis of over 6000 firmware images from 18 vendors (over 2.7 million binaries total), shows:
Over the lifetime of a single product, it is more common for a vendor to regress software hardening features than add new ones;
All major vendors failed to apply the most basic hardening uniformly;
Images built for newer architectures tend to have more hardening than images built for older architectures;
However, comparing firmware released in 2012 with firmware released in 2018, many hardening protections became more widely enabled, but ASLR coverage was lower across the board.
The data also reveals a disturbing trend: the consistent presence of executable stacks in binaries from Linux/MIPS firmware. We discuss our investigation of this phenomenon, how an old flaw in Linux's support for the MIPS FPU specification (the kernel's FPU emulator executes instructions found in branch delay slots from a frame on the user stack, which requires the stack to be executable) resulted in a universal DEP bypass, and how subsequent attempts to fix this have resulted in the recent addition of a universal ASLR bypass.
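Findings like the ones above rest on per-binary checks of the ELF program headers. As an added example (not the talk's or CITL's own tooling), the script below reads those headers and reports the properties the talk discusses: whether the binary is position independent (ET_DYN, the prerequisite for ASLR), whether its PT_GNU_STACK header requests a non-executable stack (the stack half of DEP), and, going one step beyond the text, whether it carries a PT_GNU_RELRO segment. It handles ELF32 and ELF64 in both byte orders, which matters because MIPS firmware is usually big-endian. The sample binaries are constructed header-only ELFs so that it runs offline, and the convention of reporting a missing PT_GNU_STACK as an executable stack is an assumption made here (it matches what checksec reports).

```python
"""Check ELF binaries for the hardening properties surveyed across firmware images.

Added example; not CITL's tooling. Minimal ELF headers are constructed in memory
so the script runs offline; pass real binaries on the command line to check them.
"""
import struct
import sys
from dataclasses import dataclass

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551   # stack permissions requested by the toolchain
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
ET_EXEC, ET_DYN = 2, 3
EM_MIPS, EM_X86_64 = 8, 62


@dataclass
class Hardening:
    machine: int
    pie: bool               # ET_DYN executable: can be loaded at a random base (ASLR)
    nx_stack: bool          # PT_GNU_STACK present and not marked PF_X
    relro: bool             # PT_GNU_RELRO present
    gnu_stack_present: bool


def parse_elf(data: bytes):
    """Return (e_type, e_machine, [(p_type, p_flags), ...]) for ELF32/ELF64, either endianness."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2          # EI_CLASS
    endian = "<" if data[5] == 1 else ">"   # EI_DATA
    ehdr_fmt = "HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"
    fields = struct.unpack_from(endian + ehdr_fmt, data, 16)
    e_type, e_machine, e_phoff, e_phentsize, e_phnum = fields[0], fields[1], fields[4], fields[8], fields[9]
    phdr_fmt = "IIQQQQQQ" if is64 else "IIIIIIII"
    flags_index = 1 if is64 else 6   # p_flags follows p_type in ELF64 but sits near the end in ELF32
    phdrs = []
    for i in range(e_phnum):
        ph = struct.unpack_from(endian + phdr_fmt, data, e_phoff + i * e_phentsize)
        phdrs.append((ph[0], ph[flags_index]))
    return e_type, e_machine, phdrs


def check_elf(data: bytes) -> Hardening:
    e_type, e_machine, phdrs = parse_elf(data)
    stack_flags = [f for t, f in phdrs if t == PT_GNU_STACK]
    # Assumption: a missing PT_GNU_STACK leaves the choice to the loader, whose
    # default has historically been an executable stack, so report it as such.
    nx = bool(stack_flags) and not (stack_flags[0] & PF_X)
    return Hardening(
        machine=e_machine,
        pie=(e_type == ET_DYN),
        nx_stack=nx,
        relro=any(t == PT_GNU_RELRO for t, _ in phdrs),
        gnu_stack_present=bool(stack_flags),
    )


def build_elf(is64: bool, big_endian: bool, e_type: int, e_machine: int, phdrs) -> bytes:
    """Assemble a header-only ELF (constructed test input, not a real binary)."""
    endian = ">" if big_endian else "<"
    ehdr_size, phentsize = (64, 56) if is64 else (52, 32)
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 2 if big_endian else 1, 1, 0]) + bytes(8)
    ehdr_fmt = "HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"
    ehdr = struct.pack(endian + ehdr_fmt, e_type, e_machine, 1, 0, ehdr_size, 0, 0,
                       ehdr_size, phentsize, len(phdrs), 0, 0, 0)
    if is64:
        body = b"".join(struct.pack(endian + "IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    else:
        body = b"".join(struct.pack(endian + "IIIIIIII", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ident + ehdr + body


# Constructed samples. The first mirrors the pattern the talk reports in MIPS
# firmware: big-endian ELF32, fixed load address, stack marked RWX.
MIPS_RWX_STACK = build_elf(False, True, ET_EXEC, EM_MIPS,
                           [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)])
# A hardened build: PIE, non-executable stack, RELRO.
HARDENED_PIE = build_elf(True, False, ET_DYN, EM_X86_64,
                         [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)])
# No PT_GNU_STACK at all, as older toolchains emit.
NO_GNU_STACK = build_elf(False, True, ET_EXEC, EM_MIPS, [(PT_LOAD, PF_R | PF_X)])


def main(paths):
    samples = {"mips-rwx-stack": MIPS_RWX_STACK, "hardened-pie": HARDENED_PIE, "no-gnu-stack": NO_GNU_STACK}
    for path in paths:
        with open(path, "rb") as fh:
            samples[path] = fh.read()
    for name, blob in samples.items():
        h = check_elf(blob)
        print(f"{name:24} machine={h.machine:<3} PIE={h.pie!s:5} NX-stack={h.nx_stack!s:5} RELRO={h.relro}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it over the binaries extracted from a firmware image (for example `python3 elfcheck.py squashfs-root/bin/* squashfs-root/usr/sbin/*`) and the same per-binary booleans can be aggregated by vendor, product and release year to reproduce the kind of comparison the talk makes. Note that a clean PT_GNU_STACK header is necessary but not sufficient on MIPS: the kernel-side FPU emulation issue described above can make the stack executable regardless of what the binary requests, which is exactly why the survey's static result needed a follow-up investigation.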
Lastly, we remark on the utility of large empirical studies in assessing the overall state of security, a topic often discussed but rarely backed by data.
Presenters:
- Parker Thompson
Parker Thompson (@m0thran) is a computer hacker and research engineer from Seattle, Washington, specializing in reverse engineering and software analysis. His prior research includes contributions to crash dump analysis, fuzzing, Internet censorship, and related areas. He currently serves as the lead engineer at CITL.
- Peiter Zatko (Mudge)
Mudge (@dotMudge) is a computer hacker from the United States. His prior research includes early contributions to the theory and practice of buffer overflows, vulnerability discovery, and other foundational topics in computer and communications security. For over 20 years, he has been working to inform and protect the public, in both the public and private sectors. In 2016, together with Sarah Zatko, he co-founded CITL and currently serves as the chairman of the board.
- Tim Carstens
Tim Carstens (@intoverflow) is a mathematician and research engineer from Seattle, Washington, specializing in geometry, logic, and software verification. His prior research includes contributions to crash dump analysis, computational number theory, and related areas. He currently serves as the acting director at CITL.