Brent Shaw is a security analyst with interests including hardware security, IoT, and the visualisation and sonification of data. He is currently completing a PhD (part-time) through Rhodes University.
Title: Hashing the $#!+ out of firmware
Everything is broken… But is it possible that more things are more broken than we thought? Probably. But let's look at that.
When it comes to embedded devices, we rely largely on the OEM to provide firmware and firmware updates. These updates could be issued for a number of reasons: better performance, an improved feature set, bug fixes, and security patches. But when you download a firmware update, you generally only have the manufacturer's word that it does what it says, with information sometimes being provided in the changelog. And these changelogs don't always tell all.
This research looks at pulling firmware apart to see what's inside, and comparing firmware images to see what might have changed (between versions) and what might be getting reused (between different devices). By mapping out the changes between firmware versions, we can start to verify changelogs and identify how these firmware images are evolving.
What investigation would be complete without looking at some vulnerabilities? Firmware with known vulnerabilities can be used to track down vulnerabilities in other firmware (across different versions and even devices). Using these methods, vulnerabilities can be found in firmware that has not yet been listed as affected.
A few other topics related to firmware investigation will be discussed, including verifying the integrity of open source packages and a few interesting things that have been stumbled upon during these investigations.
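The version-to-version comparison and the known-vulnerable matching described above can be sketched as follows. This is an added example, not the speaker's tooling: it assumes the firmware images have already been unpacked into directory trees, uses file-level SHA-256, and every file name, content and the "known bad" hash is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: two tiny "extracted firmware" trees (not real firmware).
SAMPLE = {
    "v1": {"bin/httpd": b"httpd build 1", "lib/libcrypto.so": b"crypto A",
           "etc/passwd": b"root:x:0:0", "bin/telnetd": b"telnetd"},
    "v2": {"bin/httpd": b"httpd build 2", "lib/libcrypto.so": b"crypto A",
           "usr/sbin/telnetd": b"telnetd", "bin/upnpd": b"upnpd"},
}

def hash_tree(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def diff_firmware(old, new, known_bad=frozenset()):
    """Classify files by comparing two {path: digest} maps."""
    old_by_hash = {}
    for path, digest in sorted(old.items()):
        old_by_hash.setdefault(digest, path)      # first old path per content
    new_hashes = set(new.values())
    new_only, common = sorted(set(new) - set(old)), set(old) & set(new)
    return {
        "added": [p for p in new_only if new[p] not in old_by_hash],
        # Same bytes under a different path: a rename or copy, not new code.
        "relocated": [(old_by_hash[new[p]], p) for p in new_only if new[p] in old_by_hash],
        "removed": sorted(p for p in set(old) - set(new) if old[p] not in new_hashes),
        "changed": sorted(p for p in common if old[p] != new[p]),
        "unchanged": sorted(p for p in common if old[p] == new[p]),
        # Content match against hashes taken from a firmware known to be vulnerable.
        "known_bad": sorted(p for p in new if new[p] in known_bad),
    }

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for version, files in SAMPLE.items():
            for rel, data in files.items():
                target = Path(tmp, version, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        known_bad = {hashlib.sha256(b"crypto A").hexdigest()}  # constructed hash
        return diff_firmware(hash_tree(Path(tmp, "v1")),
                             hash_tree(Path(tmp, "v2")), known_bad)

if __name__ == "__main__":
    for category, items in demo().items():
        print(f"{category:10} {items}")
```

In the sample, `lib/libcrypto.so` appears as both unchanged and known bad, which is the case a changelog claiming a security fix would need to be checked against.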