IoT firmware analysis -- Firmwalker
IoT is the next big technology that will change the way we communicate and exchange data. Every day thousands of IoT devices are coming into the market. Most of these devices collect and exchange data over the cloud. Not much effort has been put into securing the IoT devices, thus understanding the security of IoT devices and their communication is of utmost importance.
If one has a close look at any IoT Network, there are many components to be secured. Some of them are listed below –
Learn IoT Security
- Web/Cloud Interface
- Mobile Application
- IoT Communication Protocols
- IoT Hardware Interfaces like JTAG, UART, SPI, and I2C.
- IoT Device Firmware
Security of all the components mentioned above cannot be covered in a single post. In this post, I will explain how to analyze the firmware of any IoT device since not much resource is available on firmware security.
IoT firmware – What is IoT firmware?
Firmware is a software program programmed on a hardware device. It provides the necessary instructions on how the device communicates with the other computer hardware.
Have you seen something like shown in the image below?
Now I hope it's clear what firmware is. Put simply, the software running on any IoT device is termed as Firmware.
Firmware Analysis Methodology – To analyze any firmware, there are two ways to do so – one is manual and other uses a tool. Manual Analysis consumes a lot of time, and due to time constraints often it is not possible to do a manual analysis. Thus, automated analysis of firmware comes in handy.
In this post, we will learn how to use a tool named Firmwalker for analyzing the firmware. The tool was written by Craig and can be found at https://github.com/craigz28/Firmwalker. Please download it for performing firmware analysis practically.
The tool is basically a bash script capable of identifying following issues –
- etc/shadow and etc/passwd
- list out the etc/ssl directory
- search for SSL related files such as .pem, .crt, etc.
- search for configuration files
- look for script files
- search for other .bin files
- look for keywords such as admin, password, remote, etc.
- search for common web servers used on IoT devices
- search for common binaries such as ssh, tftp, dropbear, etc.
- search for URLs, email addresses, and IP addresses
- Experimental support for making calls to the Shodan API using the Shodan CLI
Above are the issues widely found in IoT firmware and the tool does a great job in identifying the issues.
Procedure for automated firmware vulnerability analysis
- Get the Firmware – The IoT firmware can be obtained by downloading from the official website of the vendor. If not available on the website for some reason, vendor itself may provide the firmware. If this also does not work, many times a google search or Github search will do the job.
- Extract the Firmware – Firmware files are usually bundled or compressed files. They are widely available in bin, zip, gzip or tar format. We need to extract the firmware first to go through the files. This is achieved using a tool named Binwalk. More on Binwalk can be found here - https://github.com/ReFirmLabs/Binwalk . Binwalk is already installed on Kali Linux.
- Run Firmwalker – Once the files are extracted, we need to run Firmwalker over it. Firmwalker will scan all the files present in the firmware and look for the vulnerabilities listed above. The only prerequisite is the extracted firmware file, and Firmwalker should be present in the same folder. Once the scanning is done, Firmwalker generates the output in a file name Firmwalker.txt by default. This Firmwalker.txt file contains the list of vulnerabilities which were found in the firmware.
Practical Demo - The demo file can be downloaded from this link - http://www.filewatcher.com/m/DIR412A1_FW114WWb02.bin.3534983-0.html. There are four firmware files available. Download the one belonging to the year 2013.
After downloading, copy the file into Firmwalker folder as shown below (I have renamed the file as DLink.bin) –
Run Binwalk to extract the firmware file as shown
The output is shown in the folder
Once the file has been extracted run Firmwalker as shown below –
The output of the result is saved in the file names Firmwalker.txt. The screenshots are shown below –
Opening the file, we see the result as shown –
The above result shows the shell scripts found in the firmware.
Another issue found is shown below –
This is how one goes through the result and find and exploit the issues.
In this firmware, there was one shell script found as shown below –
It seems it is related to telnet login.
On opening the path, I see –
Woah. It is related to telnet login. On reading the highlighted lines, the username is Alphanetworks, and the password is being loaded from the variable image_sign. The path of the variable is shown in the first highlighted line.
When we open that file, we get the password as shown below –
Now, we have the username and the password; we can easily login over the telnet connection. The worst part is all the devices running the firmware are vulnerable and can be compromised.
Learn IoT Security
Thus, Firmwalker is a great tool for scanning and finding the issues in an IoT Firmware.
Learn IoT Security
Build your IoT security skills and become a Certified IoT Security Practitioner. What you'll learn:- Securing IoT networks
- Software and firmware risks
- Controlling access to IoT
- Ensuring privacy
- And more
In this Series
- IoT firmware analysis -- Firmwalker
- The growing importance of cybersecurity in the IoT era
- Capture: Improve IoT firmware security with new firmware architecture
- Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]
- Japan’s IoT scanning project looks for vulnerable IoT devices
- IoT security fundamentals: IoT vs OT (Operational Technology)
- IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications
- IoT Security Fundamentals: Hardware, Software and Radio Security
- IoT Security Fundamentals: Detecting and Exploiting Web Application Vulnerabilities
- Firmware reverse engineering: A step-by-step guide
- Keeping Alexa out of the boardroom (and the bedroom office): IoT security tips for remote employees
- Internet of Things (IoT) trends in 2019
- Can legislation save IoT security?
- An Overview of the Proposed DIGIT Act
- The IoT Security Skills Gap
- Internet of Things (IoT) Evolution: Where to From Here?
- Security Issues in Edge Computing and the IoT
- 10 Tips to Increase IoT Cameras Protection
- Shodan and IoT: The Problem is here!
- The Top Ten IoT Vulnerabilities
- How IoT is Raising Cybersecurity Concerns
- The Rise of the IoT Botnet: Beyond the Mirai Bot
- Security Vulnerabilities of Internet-Connected Homes
- Security Challenges in the Internet of Things (IoT)
- Will IoT Security Awareness Protect Me From My Toaster?
- The Emergence of IoT: Is Security a Concern?
- Internet of Things: How Much are We Exposed to Cyber Threats?
- How to Test the Security of IoT Smart Devices
- Three Security Practices That IoT Will Disrupt
- Privacy Implications of the Internet of Things
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
