Hunting for Backdoors in IoT Firmware at Unprecedented Scale

This talk focuses on research and development of novel processes designed to perform semantic analysis on source code and binaries within the firmware of IoT devices.

Our aim with this work is to uncover the types of vulnerabilities being actively exploited in the wild. In this talk I illustrate our approach to this problem by walking through a seemingly straightforward problem: finding backdoors in IoT firmware.

Throughout this talk I’ll use real data obtained through 198,532 IoT firmware images we collected, unpacked, and analyzed across 76 IoT manufacturers and 64 product categories.

I will demonstrate our process for scaling semantic analysis across this dataset and reveal backdoors we uncovered through the analysis of more than 5 million native binaries, shell scripts, PHP, Python, Java applets and JavaScript files. I will cover how multiple backdoor manifestations can be discovered using a relatively simple parse trees and heterogeneous ASTs generated by LL(k) recursive-descent and semantic predicate parsers. I’ll run a two demos that show this process to illustrate just how fast it is at analyzing real backdoors in source files extracted from commercial IoT device firmware.

Location: Date: November 27, 2018 Time: 3:00 pm - 4:00 pm John Toterhi