Breaking all the things: a systematic survey of firmware extraction and modification techniques for IoT devices
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
Authors
Colleges, School and Institutes
Abstract
In this paper, we systematically review and categorize different hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in othercases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investigation of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods.
Details
Original language | English |
---|---|
Title of host publication | CARDIS 2018: Smart Card Research and Advanced Applications |
Publication status | E-pub ahead of print - 7 Mar 2019 |
Event | 17th Smart Card Research and Advanced Application Conference - Montpellier, France Duration: 12 Nov 2018 → 14 Nov 2018 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 17th Smart Card Research and Advanced Application Conference |
---|---|
Country | France |
City | Montpellier |
Period | 12/11/18 → 14/11/18 |