[Review] A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware


This paper doesn’t propose anything new, but creates a system called FirmSec that can detect TPCs (third-party components) at version level in firmware, and then recognizes the corresponding vulnerabilities. FirmSec takes IoT firmware images as input and outputs the vulnerabilities of the TPCs contained in each firmware image.

Their work also creates a database consisting of 34,136 firmware images, FirmSecDataset.

Implementation:

  • Preprocess the database, gathering various firmware images both public and private.

  • Preprocess the database, gathering various TPCs and their vulnerabilities.

  • Take in the firmware image, identify its characteristics, and determine the TPCs (at version level) contained in the firmware.

  • Generate the vulnerability report of the firmware.

To implement version-level verification, they use syntactical features and CFG (control-flow graph) features to perform the version check.
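
The pipeline above (identify TPCs at version level, then report their vulnerabilities), reduced to syntactic string-literal features only, as an added example that is not FirmSec's code and omits its CFG features. The signatures, the vulnerability ranges, the placeholder ids and the sample image are all constructed for illustration.

```python
import re

# Constructed syntactic signatures: version-bearing string literals.
# Hypothetical stand-ins, not FirmSec's actual feature set.
SIGNATURES = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+\.\d+)"),
}

# Constructed vulnerability database: (first affected, last affected, id).
# The ids are placeholders, not real advisories.
VULN_DB = {
    "openssl": [("1.0.1", "1.0.1f", "VULN-PLACEHOLDER-1")],
    "busybox": [("1.0.0", "1.21.1", "VULN-PLACEHOLDER-2")],
}

def printable_strings(blob, min_len=6):
    """Return runs of printable ASCII, like the `strings` utility."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def version_key(version):
    """'1.0.1e' -> (1, 0, 1, 'e') so letter-suffixed releases order correctly."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", version)
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def detect_components(blob):
    """Map component name -> version found in the image's string literals."""
    found = {}
    for s in printable_strings(blob):
        for name, pattern in SIGNATURES.items():
            m = pattern.search(s)
            if m:
                found[name] = m.group(1).decode()
    return found

def vulnerability_report(blob):
    """List (component, version, vuln id) for every affected version range."""
    report = []
    for name, version in sorted(detect_components(blob).items()):
        for low, high, vuln_id in VULN_DB.get(name, []):
            if version_key(low) <= version_key(version) <= version_key(high):
                report.append((name, version, vuln_id))
    return report

# Constructed sample "firmware": binary padding around embedded literals.
SAMPLE_IMAGE = (b"\x7fELF\x00\x01" + b"OpenSSL 1.0.1e 11 Feb 2013\x00"
                + b"\xff\xfe\x00" + b"BusyBox v1.22.1 (2014-05-20)\x00")
```

Both components are detected in the sample, but only one falls inside an affected range, which is why component-level detection without the version would over-report.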

Evaluation:

  • Evaluate the accuracy of FirmSec.
  • Comparison: Compare with three state-of-the-art tools: Gemini, BAT and OSSPolice.

The work also discloses that GPL/AGPL license violations are widespread in firmware.

Future work:

  • A better approach to version-level verification.
  • Adopt fuzzing mechanisms to automatically find vulnerabilities.

https://gax-c.github.io/blog/2023/10/26/14_paper_review_5/

Author: Gax

Posted on: 2023-10-26

Updated on: 2023-11-01
