IoT processor and binary breakdown: The good the bad and the ugly

Presented at TROOPERS18 (2018), March 12, 2018, 4 p.m. (Unknown duration)

The diversity of architecture, exploitation techniques, malware design and processors used in critical telecom infrastructure such Telecom, security, power and defense drastically overlap with the IoT architectures where the use of PowerPC, ARM and MIPS, is extremely prevalent.

Furthermore, IoT devices being utilized in a critical infrastructure capacity are becoming more prevalent such embedded mobile cores, running ARM chipsets being deployed in defense capacity. These devices proxy communications, set up attachments, regulate and manage critical sensors and can even run full embedded virtualized networks. The era of an IoT device simply being an IP camera or a kettle, with minimal interfaces has long past and complexity, as always, has trumped secure and simple design and the need to fully test and integrate these systems has become even more important.

In this talk we will cover some of the common processor and architectures used in IoT devices, the binaries that organizations package and execute using these architectures and some of the security mistakes, best practices and attempted obfuscations that exist across them.

We will then discuss and demonstrate how to build and automate the creation of a virtualized embedded test system (which we nicknamed the malware factory) to fully test and understand interactions between 11 types of different process architecture, extract and execute binaries from embedded devices and emulate embedded systems for safe(r) testing.


  • Fredrik Söderlund
    I work as Software and Systems Security Advisor at Symsoft where I serve as a function of the CTO Office and Product management team. My current focus is mainly on Telecom security and IoT and I have been working with mobile network technology for the past 8 years. My main background however is in reverse engineering and low level programming with the main focus being on debugging and tool development.
  • Vlad Wolstencroft


Similar Presentations: