Breaking All the Things—A Systematic Survey of Firmware Extraction Techniques for IoT Devices
| Autor: | David Oswald, Tom Chothia, Sebastian Vasile |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Universal asynchronous receiver/transmitter
Systematic survey Computer science business.industry Firmware Interface (computing) Echo (computing) Access control 02 engineering and technology computer.software_genre ALARM Home automation 020204 information systems Embedded system 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing business computer |
| Zdroj: | Smart Card Research and Advanced Applications ISBN: 9783030154615 CARDIS |
| DOI: | 10.1007/978-3-030-15462-2_12 |
| Popis: | In this paper, we systematically review and categorize different hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in other cases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investigation of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|