Automated User-Mode Emulation of Embedded Web Interfaces

Abstract

With an increasing number of IoT devices, cyberattacks that target these devices are on the rise. In order to cut development costs, these devices are often manufactured without a focus on security. Usually, these devices expose web interfaces for administration and maintenance purposes, which poses a great risk, since web security is notoriously complex. In order to mitigate such threats, security researchers analyze these devices for potential vulnerabilities by applying advanced analysis techniques such as fuzz testing. However, for conducting an automated large-scale analysis on a multitude of devices, it is infeasible to run these tests on physical devices. To alleviate this problem, security researchers resort to firmware re-hosting techniques such as full-system emulation, which aims at mimicking the real devices as closely as possible. While firmware re-hosting using full-system emulation is currently considered state-of-the-art, it imposes a large computational overhead and is error-prone. Additionally, the emulation of peripheral devices such as non-volatile memory (NVRAM), which are present on the real device but absent in an emulation environment, is one of the most challenging aspects of firmware emulation. This project investigates the applicability of user-level emulation for firmware re-hosting purposes, in order to provide a more efficient and targeted method of emulating embedded web servers. This would enable large-scale analysis to be conducted more efficiently and with a higher success rate, leading to more vulnerabilities being found. For this experimental approach, the binary emulation framework Qiling is utilized because of its dynamic instrumentation capabilities. Several samples of a firmware dataset are used to evaluate the results.

Publication
TU Wien