The Various Facets of IoT Firmware Analysis

1. The Various Facets of IoT Firmware Analysis

2. The Various Facets of IoT Firmware Analysis • Firmware is a code or software on the device that allows and enables the device to perform various tasks. The most common architectures for IoT devices are ARM and MIPS. • Firmware provides the necessary instructions on how to communicate with hardware. Firmware is held in non-volatile memory devices such as ROM, EPROM, EEPROM, and code running on embedded devices. • Updates to Firmware: Firmware updates are often pushed to fix bugs, roll out new features, or improve security. • Can happen automatically • May need to be done manually • What Is an IOT Device? • A "non-standard" device linked to the internet is referred to as a "non-standard" device. Usually, they contain an embedded OS (firmware) and some way to interface with them. May have embedded sensors and can send, collect, and exchange data. • Examples include Security Cameras, Smart Home Devices-outlets, light switches, etc., Raspberry Pi’s, Connected Appliances-washers, dryers, ovens, etc., Wireless Routers-Linksys, D-Link, ASUS, etc., Wearables -Apple Watch, Pedometers, heart monitors, Autonomous ag equipment and cars, and Connected Appliances-washers, dryers, ovens, etc.

3. The Various Facets of IoT Firmware Analysis • Static Versus Dynamic Analysis: • Static looks at the firmware while it is not in operation • Analyze filesystem • Inspect bootloader • Looks for “hard-coded” items • Use tools such as Firmadyne, Binwalk, Firmwalkeretc • Dynamic looks at it while in operation: • Need to have device on and have access to it • Also have the option to virtualize the IoT device • Use pentest type tools like nmap, Metasploit etc • Interesting right? • Want to know more on this topic: https://bit.ly/3AFQ7R8