Automated Identification and Emulation of Web Service Binaries Extracted from IoT Linux Firmware Samples (several BAs/MAs are possible)
The IoT is exposed to ongoing malicious attacks. The large set of diverse hardware and software, combined with the neglect of security best practices, such as the use of the same default credentials on all devices, the often non-existent update policies, and the lack of software hardening techniques, renders IoT and IIoT devices an ideal target for attackers. To identify vulnerabilities in IoT and IIoT devices, security researchers and analysts utilize different methods and techniques that have been adopted from software and web security. However, in order to apply these methods and techniques, the (partial) virtualization of the devices' firmware is necessary. In the last couple of years, researchers have presented different full-system emulation approaches (also known as firmware rehosting) to emulate IoT and IIoT devices. In a variety of cases, the emulation of web services can be sufficient for security analysis, since IoT and IIoT devices often expose web interfaces that are the weak link during attacks.
We plan to develop a framework that is capable of the following steps:
- Automatically identify proprietary Linux binaries in IoT and IIoT firmware samples
- Automatically analyze the identified binaries and detect if they start a web service
- Automatically reverse engineer the web service binaries and extract information for emulation
- Automatically emulate the web service binaries
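The first two steps above (finding the Linux binaries in an extracted firmware root and deciding which of them serve HTTP) can be approached heuristically from the ELF files alone, before any emulation. The following Python script is an added example written for this page, not code from the framework described here: it walks a directory tree, recognizes ELF files by their header, reads the target architecture from `e_machine`, and flags a binary as a probable web service only if it both imports the listening-socket functions (`socket`, `bind`, `listen`, `accept`) and contains HTTP protocol strings. The function and constant names are the example's own, and `build_sample_elf` fabricates constructed stand-ins for firmware binaries so the script runs offline.

```python
"""Heuristic triage of an extracted firmware root: which ELF binaries look like web servers?"""
import os
import re
import struct
import tempfile
from dataclasses import dataclass
from typing import List, Optional

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification (small subset that covers common IoT SoCs)
MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}

# Protocol strings an HTTP server almost always carries in .rodata
HTTP_MARKERS = [b"HTTP/1.", b"Content-Type:", b"Content-Length:"]
# libc imports a process needs in order to accept TCP connections
SERVER_SYMBOLS = [b"socket", b"bind", b"listen", b"accept"]


@dataclass
class BinaryReport:
    path: str
    machine: str
    http_markers: List[bytes]
    server_symbols: List[bytes]

    @property
    def likely_web_service(self) -> bool:
        # Both conditions are required: a telnet daemon imports the socket
        # functions too, and an HTTP client library carries protocol strings.
        return bool(self.http_markers) and set(SERVER_SYMBOLS) <= set(self.server_symbols)


def parse_elf_machine(data: bytes) -> Optional[str]:
    """Return the architecture name for an ELF blob, or None if it is not an ELF file."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_machine,) = struct.unpack(endian + "H", data[18:20])
    return MACHINES.get(e_machine, f"unknown(0x{e_machine:x})")


def analyze_binary(path: str) -> Optional[BinaryReport]:
    with open(path, "rb") as fh:
        data = fh.read()
    machine = parse_elf_machine(data)
    if machine is None:
        return None
    strings = set(re.findall(rb"[\x20-\x7e]{4,}", data))
    http = [m for m in HTTP_MARKERS if any(m in s for s in strings)]
    # Symbol names are NUL-terminated in .dynstr; matching with both terminators
    # avoids substring hits such as "socketpair" for "socket".
    syms = [s for s in SERVER_SYMBOLS if b"\x00" + s + b"\x00" in data]
    return BinaryReport(path, machine, http, syms)


def scan_firmware_root(root: str) -> List[BinaryReport]:
    """Walk an extracted root filesystem and report every ELF file found."""
    reports = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # busybox-style symlink farms would be counted many times
                continue
            report = analyze_binary(path)
            if report is not None:
                reports.append(report)
    return sorted(reports, key=lambda r: r.path)


def build_sample_elf(machine: int, web: bool) -> bytes:
    """Constructed stand-in for a firmware binary: a valid little-endian ELF64 header
    followed by a fake .dynstr blob and a few .rodata strings (no real code)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8  # class=ELF64, data=LE, version=1
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0)
    dynstr = b"\x00" + b"\x00".join([b"libc.so.0", b"socket", b"bind", b"listen", b"accept", b"printf"]) + b"\x00"
    rodata = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n" if web else b"usage: %s <device>\x00"
    return header + dynstr + rodata


def demo() -> List[BinaryReport]:
    """Populate a temporary root with constructed samples and scan it."""
    root = tempfile.mkdtemp(prefix="fw_root_")
    samples = {
        "usr/sbin/httpd": build_sample_elf(0x08, web=True),     # MIPS web server
        "usr/sbin/telnetd": build_sample_elf(0x08, web=False),  # MIPS network daemon, not HTTP
        "etc/banner.txt": b"Welcome to the constructed firmware\n",  # not an ELF file
    }
    for rel, blob in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(blob)
    return scan_firmware_root(root)


if __name__ == "__main__":
    for r in demo():
        print(f"{r.path}: {r.machine}, web service: {r.likely_web_service}")
```

Run against a real extracted root (for example the output of a firmware unpacking tool), `scan_firmware_root` gives a shortlist of candidates, and the `machine` field tells you which QEMU or Qiling target the later emulation step has to use. The string and import heuristics are deliberately conservative; statically linked or stripped binaries still contain the protocol strings but no `.dynstr` entries, so for those the symbol check would have to be replaced by disassembly-level analysis in Ghidra.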
We are interested in motivated students who would like to contribute to the framework and who would like to do their bachelor's or master's thesis in this context. If you are interested, you should bring, or not be afraid to acquire, knowledge in the following areas:
- Python programming
- Linux fundamentals (e.g., how syscalls and networking work)
- Reverse engineering of ELF binaries in general, and especially with Ghidra (https://ghidra-sre.org/)
- Emulation with QEMU (https://www.qemu.org/), Unicorn (https://www.unicorn-engine.org/) and Qiling (https://qiling.io/)