Large Scale Firmware Analysis For Open Source Components, Hard Coding and Weak Passwords

In recent years, Internet of things security incidents occur frequently, which has threatened the stability of the country, society and personal privacy. As the core of Internet of things equipment system, the security of firmware is very important. In order to design a more reasonable and effective firmware security detection method, the firmware needs to be analyzed in detail. This paper describes the security objectives of firmware from three aspects of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out relevant verification experiments for each attack surface. In order to solve the tedious steps of firmware format identification, unpacking and key information extraction in the process of large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.