[Review] A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware

This paper doesn’t propose anything new, but creates a system called FirmSec that can detect the TPCs (third-party components) in firmware at version level and then recognize the corresponding vulnerabilities. FirmSec takes IoT firmware images as input and outputs the vulnerabilities of the TPCs contained in each firmware image.

Their work also creates a database consisting of 34,136 firmware images: FirmSecDataset.

Implementation:

  • Preprocess the database, gathering various firmware images both public and private.

  • Preprocess the database, gathering various TPCs and their vulnerabilities.

  • Take in the firmware image, identify its characteristics, and determine the TPCs (at version level) contained in the firmware.

  • Generate the vulnerability report of the firmware.
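
To show why version-level identification matters for the last two steps, here is a simplified sketch added for this review; it is not FirmSec's code. It assumes TPCs can be recognised from version banner strings in the image, which stands in for whatever identification FirmSec performs, and the signatures, version ranges, vulnerability ids and sample image are all constructed.

```python
import re

# Constructed TPC signatures: component name -> regex capturing its version banner.
SIGNATURES = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+\.\d+)"),
}

# Constructed vulnerability database: (component, first affected, last affected, id).
# Ranges and ids are placeholders for illustration, not real advisories.
VULN_DB = [
    ("openssl", "1.0.1", "1.0.1f", "VULN-PLACEHOLDER-1"),
    ("busybox", "1.20.0", "1.27.2", "VULN-PLACEHOLDER-2"),
]

def version_key(v):
    """Turn '1.0.1f' into a comparable tuple (1, 0, 1, 'f')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", v)
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def identify_tpcs(image):
    """Return {component: set of versions} found in the raw image bytes."""
    found = {}
    for name, pattern in SIGNATURES.items():
        for match in pattern.finditer(image):
            found.setdefault(name, set()).add(match.group(1).decode())
    return found

def vulnerability_report(image):
    """Map each identified (component, version) to the vulnerability ids that cover it."""
    report = []
    for name, versions in sorted(identify_tpcs(image).items()):
        for ver in sorted(versions, key=version_key):
            ids = [vid for comp, lo, hi, vid in VULN_DB
                   if comp == name
                   and version_key(lo) <= version_key(ver) <= version_key(hi)]
            report.append((name, ver, ids))
    return report

# Constructed sample "firmware": binary padding around two version banners.
SAMPLE_IMAGE = (b"\x7fELF\x00\x01" + b"\x00" * 16 + b"OpenSSL 1.0.1e 11 Feb 2013\x00"
                + b"\xff" * 8 + b"BusyBox v1.30.1 (constructed)\x00")

if __name__ == "__main__":
    for name, ver, ids in vulnerability_report(SAMPLE_IMAGE):
        print(name, ver, ids or "no known entry")
```

Knowing only that a component is present would flag both entries; the version is what separates the affected OpenSSL build from the BusyBox build that falls outside its range.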
