Capture: Improve IoT firmware security with new firmware architecture
Capture is a firmware writing architecture developed and maintained by Han Zhang and the team at CyLab Security and Privacy Institute of Carnegie Mellon University. Using Capture allows you to push updates to your IoT devices within your local network.
In this article, we shall discuss what Capture is, look at its components and discuss how its application can benefit both IoT device owners and IoT device vendors.
Why use Capture?
The inspiration behind Capture comes from the fact that many IoT devices are not regularly patched for security vulnerabilities in widely adopted libraries. IoT vendors generally build their IoT software by incorporating third-party libraries, and these libraries are largely vulnerable to attack. The software developers behind these IoT devices accept the convenience of importing third-party libraries to speed up coding rather than writing their own libraries from scratch. When multiple vendors use such libraries, they automatically inherit the vulnerabilities introduced by the libraries' original developers. According to Han Zhang and his team, this is the most common source of such vulnerabilities, and it places many homes at risk of cyberattacks.
How vulnerable are IoT devices?
Zhang and his team analyzed 122 different IoT firmware and 27 different IoT devices within eight years of being released. The motivation for this research had three parts:
- To determine how extensive the use of third-party libraries was across vendors
- To determine whether the identified libraries were being patched for vulnerabilities
- To determine whether there were significant delays in the vendors updating patched libraries
According to the research data, Zhang and his team found that the vendors updated libraries infrequently and that they used outdated and mostly vulnerable versions most of the time. They found that the vendors had left libraries without updates for as long as hundreds of days after critical vulnerabilities were publicly disclosed. Zhang concluded that relying on vendors for updates was problematic, since updating took too much effort and offered the vendors little incentive.
How does Capture work?
Capture performs centralized library management for your home. It works as a WiFi access point for all your IoT devices and replaces their libraries with more current alternatives that are centrally stored within it. An IoT device supporting Capture contains two components: Capture-enabled firmware on the device and a remote driver that uses third-party libraries on the Capture hub in the local network. This achieves the following functions:
- Device integrity: Capture ensures the integrity of communication between the IoT device and its driver, which is stored and managed from within Capture. This makes it easy to update the driver to ensure the IoT device is functioning.
- Security: Capture ensures security within the IoT device’s environment.
- Ease of adoption: Capture makes it very easy to make any changes to the IoT devices since any change is made on the Capture hub and not the IoT device itself.
- Performance and scalability: Capture ensures that there is support for hundreds of IoT devices from within one hub, and all this is done with the least possible overhead.
To achieve isolation and security, and to ensure that an attacker cannot hack the hub and abuse the connected IoT devices, Capture uses a feature of the WPA2 WiFi protocol to construct device-specific VLANs and unique network credentials.
Capture also binds a unique virtual network interface to each device and assigns each one a different subnet for security. To manage resource isolation, Capture creates a separate security domain for each driver within the hub. It also creates an isolated runtime for each device-driver pair by leveraging Linux security modules and the inbuilt firewall.
Capture blocks all network communication for the local IoT devices except with their own drivers. This protects the devices even if they have vulnerable firmware components. The drivers are, however, allowed to communicate via the public internet.
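The isolation rules described above can be modelled as a small allocation and flow-decision table. This is an added example, not code from Capture or its authors: the address range, VLAN numbering, device names and the `Slot`, `allocate` and `decide` names are constructed, and denying every flow the article does not mention is an assumption.

```python
import ipaddress
import secrets
from dataclasses import dataclass

# Constructed values for this sketch; the article does not give Capture's ranges.
PARENT = ipaddress.ip_network("10.77.0.0/16")
FIRST_VLAN = 100


@dataclass(frozen=True)
class Slot:
    name: str
    vlan: int
    subnet: ipaddress.IPv4Network
    device_ip: ipaddress.IPv4Address
    driver_ip: ipaddress.IPv4Address
    psk: str  # unique WiFi passphrase for this device only


def allocate(names):
    """Give every device its own VLAN ID, /30 subnet and random passphrase."""
    slots = []
    for i, (name, net) in enumerate(zip(names, PARENT.subnets(new_prefix=30))):
        device_ip, driver_ip = net.hosts()  # a /30 has exactly two usable hosts
        slots.append(Slot(name, FIRST_VLAN + i, net, device_ip, driver_ip,
                          secrets.token_urlsafe(24)))
    return slots


def decide(slots, src, dst):
    """Return 'allow' or 'drop' for one flow, default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for s in slots:
        if src == s.device_ip:
            # A device may talk to its own driver and nothing else.
            return "allow" if dst == s.driver_ip else "drop"
        if src == s.driver_ip:
            # A driver may reach its own device or a public internet address.
            return "allow" if dst == s.device_ip or dst.is_global else "drop"
    return "drop"  # unknown source


if __name__ == "__main__":
    slots = allocate(["camera", "plug"])  # constructed device names
    for src, dst in [("10.77.0.1", "10.77.0.2"), ("10.77.0.1", "10.77.0.5"),
                     ("10.77.0.2", "1.1.1.1"), ("10.77.0.2", "10.77.0.5")]:
        print(f"{src} -> {dst}: {decide(slots, src, dst)}")
```

Checking a flow matrix like this against the firewall rules actually loaded on a hub is a quick way to confirm that a compromised device cannot reach its neighbours.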
What are some of the limitations associated with Capture?
As with every innovative solution, a few limitations currently hinder the take-off of this concept project. Here are some of these hindrances.
- Single point of failure: This is the most obvious challenge because it means that if the Capture hub goes down for any reason, the entire local network will be left vulnerable.
- Vendor incentives and adoption challenges: One challenge is convincing the vendors to integrate with and use Capture.
- Protocol compatibility: There are various challenges with protocol compatibility between the IoT devices and the Capture hub.
- Augmenting device resources: Research is still ongoing. Improving the performance of IoT devices in the local network by augmenting their storage and processing abilities is still quite challenging and is not yet possible.
- Firmware splitting: Capture suggests splitting monolithic firmware into remote and local components. This approach encounters practical challenges, such as data serialization, consistency and fault tolerance.
Capture is an innovative solution that improves the security of IoT devices in your local network. Using Capture not only improves the user experience of IoT users at home but also makes the work of vendors easier since they can now be device-specific rather than having to deal with old devices with outdated firmware. Should this concept take off, we could see a world where IoT-based cyberattacks are largely mitigated.
Sources
- Capture: Centralized Library Management for Heterogeneous IoT Devices, Han Zhang, Abhijith Anilkumar, Matt Fredrikson, and Yuvraj Agarwal, Carnegie Mellon University
- “Capture” your IoT devices and improve their security, CyLab
- Protecting IoT devices from unpatched code, GCN
- USENIX Security ’21 — Capture: Centralized Library Management for Heterogeneous IoT Devices, USENIX